Solved Unable to access Microsoft and anti-virus/malware websites

Discussion in 'Malware and Virus Removal Archive' started by Edis, 2010/06/11.

  1. 2010/06/11
    Edis

    Edis Inactive Thread Starter

    Joined:
    2010/06/11
    Messages:
    14
    Likes Received:
    0
    [Resolved] Unable to access Microsoft and anti-virus/malware websites

    Hello,

    I cannot access any Microsoft websites nor anti-virus websites such as Avast, MalwareBytes etc. I get the message "Address Not Found" in Firefox. I've had this problem for a long while now.

    I found a thread addressing this issue in this forum already (page 2 somewhere), but couldn't follow along enough to solve the problem.

    I ran "ComboFix" already and should be able to provide the logs of that if needed.

    Any help would be much appreciated!
     
    Edis,
    #1
  2. 2010/06/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You shouldn't be running Combofix on your own.

    Read this post, then post the requested log(s).
     

  4. 2010/06/12
    Edis

    Hello, I've run DDS:


    DDS.txt
    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Tyler at 13:13:12.92 on 12/06/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2814.1992 [GMT 1:00]

    AV: avast! antivirus 4.8.1368 [VPS 100227-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Thomson\ST330\service\st330service.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Xfire\Xfire.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\Spotify\spotify.exe
    C:\Documents and Settings\Tyler\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant =
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [igndlm.exe] c:\program files\download manager\dlm.exe /windowsstart /startifwork
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [LiveZilla] "c:\program files\livezilla\LiveZilla.exe" -minimize
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [RivaTunerStartupDaemon] "c:\program files\rivatuner v2.24\RivaTuner.exe" /S
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRunOnce: [WIAWizardMenu] RUNDLL32.EXE c:\windows\system32\sti_ci.dll,WiaCreateWizardMenu
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023
    StartupFolder: c:\docume~1\tyler\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\tyler\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    StartupFolder: c:\docume~1\tyler\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\tyler\applic~1\mozilla\firefox\profiles\chcx984b.default\
    FF - prefs.js: browser.search.selectedEngine - Ask
    FF - prefs.js: browser.startup.homepage - c:\\documents and settings\\tyler\\my documents\\homepage.html
    FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
    FF - component: c:\documents and settings\tyler\application data\mozilla\firefox\profiles\chcx984b.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\tyler\application data\mozilla\firefox\profiles\chcx984b.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCore.dll
    FF - plugin: c:\documents and settings\tyler\application data\mozilla\firefox\profiles\chcx984b.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
    FF - plugin: c:\documents and settings\tyler\application data\mozilla\firefox\profiles\chcx984b.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
    FF - plugin: c:\documents and settings\tyler\application data\mozilla\plugins\npoctoshape.dll
    FF - plugin: c:\documents and settings\tyler\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\download manager\npfpdlm.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\sony\media go\npmediago.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-19 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-19 20560]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-11-19 138680]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2009-12-24 66048]
    R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files\daodb\mssql.1\mssql\binn\sqlservr.exe [2008-11-25 29263712]
    S2 aysxilw;System Monitor;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-27 136176]
    S2 wfmamv;Helper Windows;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-7-18 1684736]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-11-19 254040]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-11-19 352920]
    S3 cpuz130;cpuz130;\??\c:\docume~1\tyler\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\tyler\locals~1\temp\cpuz130\cpuz_x32.sys [?]
    S3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\turbine\turbine download manager\TurbineMessageService.exe [2009-11-4 271856]
    S3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\turbine\turbine download manager\TurbineNetworkService.exe [2009-11-4 218608]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [2009-9-3 30464]
    S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [2009-9-3 12672]
    S3 STETH;SpeedTouch Ethernet Adapter NT Driver;c:\windows\system32\drivers\steth.sys [2009-9-3 40320]

    =============== Created Last 30 ================

    2010-06-11 23:38:06 0 d-----w- c:\program files\Stunlock Studios
    2010-06-11 23:37:05 0 d-----w- c:\program files\Microsoft XNA
    2010-06-07 17:11:37 0 d-----w- C:\ComboFix
    2010-06-07 15:26:16 0 d-sha-r- C:\cmdcons
    2010-06-07 15:22:45 77312 ----a-w- c:\windows\MBR.exe
    2010-06-07 15:22:45 256512 ----a-w- c:\windows\PEV.exe
    2010-06-07 15:22:44 98816 ----a-w- c:\windows\sed.exe
    2010-06-07 15:22:44 161792 ----a-w- c:\windows\SWREG.exe
    2010-06-04 17:28:30 0 d-----w- c:\docume~1\tyler\applic~1\Dragon Age Toolset
    2010-06-04 17:12:33 0 d-----w- c:\program files\MSXML 6.0
    2010-06-04 17:10:57 0 d-----w- c:\program files\DAODB
    2010-06-04 15:56:47 0 d-----w- c:\program files\common files\PACE Anti-Piracy
    2010-06-04 15:56:47 0 d-----w- c:\docume~1\tyler\applic~1\PACE Anti-Piracy
    2010-06-04 15:56:47 0 d-----w- c:\docume~1\alluse~1\applic~1\PACE Anti-Piracy
    2010-06-04 15:54:02 0 d-----w- c:\program files\Unity
    2010-05-28 11:13:02 77312 ----a-w- c:\windows\system32\ztvunace26.dll
    2010-05-28 11:13:02 75264 ----a-w- c:\windows\system32\unacev2.dll
    2010-05-28 11:13:02 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
    2010-05-28 11:13:02 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
    2010-05-28 11:13:02 153088 ----a-w- c:\windows\system32\unrar3.dll
    2010-05-28 11:13:00 0 d-----w- c:\docume~1\tyler\applic~1\Simply Super Software
    2010-05-28 11:13:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software
    2010-05-28 00:09:00 41872 ----a-w- c:\windows\system32\xfcodec.dll
    2010-05-27 18:08:17 34064 ----a-w- c:\windows\system32\lhacm.acm
    2010-05-27 18:08:14 0 d-----w- c:\program files\Teamspeak2_RC2
    2010-05-27 18:03:53 0 d-----w- c:\docume~1\tyler\applic~1\TS3Client
    2010-05-26 15:12:22 0 d-----w- c:\program files\Eve-MEEP
    2010-05-26 11:07:39 0 d-sh--w- c:\documents and settings\tyler\PrivacIE
    2010-05-25 12:39:06 4096 ----a-w- c:\windows\d3dx.dat
    2010-05-25 12:24:37 0 d-----w- c:\program files\PlayOnline
    2010-05-25 12:24:37 0 d-----w- c:\program files\common files\PlayOnline
    2010-05-22 18:30:06 0 d-----w- c:\program files\PKR
    2010-05-20 15:39:29 0 d-----w- c:\documents and settings\tyler\.GalleryRemote
    2010-05-17 10:12:35 8629 ----a-w- C:\sitemap.xml
    2010-05-15 17:27:41 0 d-----w- c:\program files\StarCraft II Beta
    2010-05-15 17:25:50 0 d-sh--w- c:\documents and settings\tyler\IETldCache
    2010-05-15 15:56:14 0 d-----w- c:\program files\SC2
    2010-05-15 12:03:35 0 d-----w- c:\program files\Yahoo!
    2010-05-15 12:03:14 0 dc-h--w- c:\windows\ie8
    2010-05-15 11:53:21 25808 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-05-14 11:48:33 0 d-----w- c:\documents and settings\tyler\.sshterm
    2010-05-14 11:48:33 0 d-----w- c:\documents and settings\tyler\.ssh

    ==================== Find3M ====================

    2010-05-24 21:13:30 188704 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-05-24 20:49:41 139040 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-05-07 19:48:36 75 ----a-w- c:\documents and settings\tyler\jagex_runescape_preferences2.dat
    2010-05-07 19:43:30 41 ----a-w- c:\documents and settings\tyler\jagex_runescape_preferences.dat
    2010-05-02 00:08:56 0 ----a-w- c:\documents and settings\tyler\jagex__preferences3.dat
    2010-04-29 14:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 14:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-18 13:25:20 35246 ----a-w- c:\windows\DIIUnin.dat
    2010-04-18 13:23:38 21840 ----atw- c:\windows\system32\SIntfNT.dll
    2010-04-18 13:23:38 17212 ----atw- c:\windows\system32\SIntf32.dll
    2010-04-18 13:23:38 12067 ----atw- c:\windows\system32\SIntf16.dll
    2010-04-18 13:07:56 94208 ----a-w- c:\windows\DIIUnin.exe
    2010-04-18 13:07:56 2829 ----a-w- c:\windows\DIIUnin.pif
    2010-04-13 13:37:58 278120 ----a-w- c:\windows\system32\nvmccs.dll
    2010-04-06 13:16:38 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
    2010-03-29 14:59:53 151552 ----a-w- c:\windows\system32\nvRegDev.dll
    2010-03-20 05:41:42 139152 ----a-w- c:\docume~1\tyler\applic~1\PnkBstrK.sys
    2010-03-20 05:41:20 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2010-03-20 05:41:20 2359592 ----a-w- c:\windows\system32\pbsvc_apb.exe
    2009-03-21 14:06:58 164972 --sha-r- c:\windows\system32\sqluqt.dll

    ============= FINISH: 13:13:26.23 ===============

    Attach.txt
    DDS (Ver_10-03-17.01)
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/18/2009 1:00:56 PM
    System Uptime: 6/12/2010 1:00:48 PM (0 hours ago)

    Motherboard: alienware | | alienware
    Processor: Intel(R) Core(TM)2 Duo CPU E6850 @ 3.00GHz | Socket 775 | 2999/332mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 226 GiB total, 31.684 GiB free.
    D: is Removable
    E: is Removable
    F: is Removable
    G: is Removable
    H: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 5/18/2010 12:34:35 PM - System Checkpoint
    RP2: 5/19/2010 10:43:42 PM - System Checkpoint
    RP3: 5/21/2010 12:22:46 PM - System Checkpoint
    RP4: 5/23/2010 9:54:47 PM - System Checkpoint
    RP5: 5/25/2010 12:41:11 PM - System Checkpoint
    RP6: 5/25/2010 1:24:07 PM - Installed FINAL FANTASY XI
    RP7: 5/25/2010 1:24:25 PM - Installed PlayOnline Viewer & Tetra Master
    RP8: 5/25/2010 1:25:50 PM - Installed FINAL FANTASY XI
    RP9: 5/25/2010 1:33:07 PM - Installed FINAL FANTASY XI: Rise of the Zilart
    RP10: 5/25/2010 1:35:51 PM - Installed FINAL FANTASY XI: Chains of Promathia
    RP11: 5/25/2010 1:37:34 PM - Installed FINAL FANTASY XI: Treasures of Aht Urhgan
    RP12: 5/26/2010 4:12:21 PM - Installed Eve-MEEP
    RP13: 5/27/2010 6:05:17 PM - System Checkpoint
    RP14: 5/28/2010 1:31:26 PM - Removed FEAR
    RP15: 5/28/2010 1:32:11 PM - Removed Machinima Studio
    RP16: 5/28/2010 1:33:46 PM - Removed Nero 7 Essentials
    RP17: 5/29/2010 6:53:14 PM - System Checkpoint
    RP18: 5/31/2010 11:52:10 AM - System Checkpoint
    RP19: 6/1/2010 3:38:35 PM - System Checkpoint
    RP20: 6/3/2010 4:46:20 PM - System Checkpoint
    RP21: 6/5/2010 11:49:55 AM - System Checkpoint
    RP22: 6/6/2010 4:11:27 PM - System Checkpoint
    RP23: 6/7/2010 8:02:04 PM - System Checkpoint
    RP24: 6/9/2010 7:14:15 PM - System Checkpoint
    RP25: 6/11/2010 11:56:59 PM - Installed Microsoft XNA Framework
    RP26: 6/12/2010 12:37:05 AM - Installed Microsoft XNA Framework Redistributable 3.1
    RP27: 6/12/2010 12:38:02 AM - Installed Bloodline Champions Beta

    ==== Installed Programs ======================

    AAC Decoder
    Adobe After Effects CS4
    Adobe After Effects CS4 Presets
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Anchor Service CS4
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge CS4
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Color Video Profiles AE CS4
    Adobe Default Language CS4
    Adobe Device Central CS3
    Adobe Device Central CS4
    Adobe Dreamweaver CS3
    Adobe Dynamiclink Support
    Adobe ExtendScript Toolkit 2
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS3
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Additional Exporter
    Adobe Media Player
    Adobe MotionPicture Color Files CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS3
    Adobe Reader 9.2
    Adobe Setup
    Adobe Shockwave Player 11
    Adobe Stock Photos CS3
    Adobe Type Support CS4
    Adobe Update Manager CS3
    Adobe Update Manager CS4
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Adobe XMP Panels CS4
    AdobeColorCommonSetRGB
    Age of Conan - Hyborian Adventures
    AiO_Scan_CDA
    Aion
    AiOSoftwareNPI
    APB Beta-EU
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AutoUpdate
    avast! Antivirus
    Battlefield 2 Standalone Demo Server
    Battlefield 2(TM) Demo
    BitTorrent
    Bloodline Champions Beta
    Bonjour
    BufferChm
    C5100
    c5100_Help
    CCleaner (remove only)
    Cities XL
    CP_CalendarTemplates1
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Panorama1Config
    cp_PosterPrintConfig
    CueTour
    CustomerResearchQFolder
    Destinations
    DeviceManagementQFolder
    Diablo II
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Plus Web Player
    DivX Version Checker
    DocProc
    DocProcQFolder
    DocumentViewer
    DocumentViewerQFolder
    Download Manager 2.3.7
    Dungeons and Dragons Online™ - Eberron Unlimited™ - Live
    eSupportQFolder
    Eve-MEEP
    EVE Online (remove only)
    EVEMon
    Fax_CDA
    FileZilla Client 3.3.0.1
    FINAL FANTASY XI
    FINAL FANTASY XI: Chains of Promathia
    FINAL FANTASY XI: Rise of the Zilart
    FINAL FANTASY XI: Treasures of Aht Urhgan
    Fraps (remove only)
    FullDPAppQFolder
    Global Agenda Live
    Google Earth
    Google Update Helper
    Guild Wars
    H.264 Decoder
    High Definition Audio Driver Package - KB888111
    Hitman Blood Money
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    HP Customer Participation Program 7.0
    HP Document Viewer 7.0
    HP Imaging Device Functions 7.0
    HP Photosmart Premier Software 6.5
    HP Photosmart, Officejet and Deskjet 7.0.A
    HP Software Update
    HP Solution Center 7.0
    HPPhotoSmartExpress
    HPProductAssistant
    InstantShareDevices
    InstantShareDevicesMFC
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 18
    LightScribe 1.4.124.1
    LiveZilla
    Machinima Studio
    Malwarebytes' Anti-Malware
    MarketResearch
    Media Go
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Chart Controls for Microsoft .NET Framework 3.5
    Microsoft Choice Guard
    Microsoft IntelliPoint 7.0
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (BWDATOOLSET)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server 2008 Management Objects
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    Microsoft XNA Framework
    Microsoft XNA Framework Redistributable 3.1
    MKV Splitter
    Mozilla Firefox (3.0.19)
    MSRuntime Libraries
    MSVCRT
    MSXML 6.0 Parser
    NCsoft Launcher
    NewCopy_CDA
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    NVIDIA Photoshop Plug-ins
    NVIDIA PhysX
    Oblivion
    OCR Software by I.R.I.S 7.0
    Octoshape Streaming Services
    OpenAL
    OpenOffice.org 3.2
    Opera 10.53
    PanoStandAlone
    PDF Settings
    PhotoGallery
    Photoshop Camera Raw
    Pixel Bender Toolkit
    PKR
    PlayOnline Viewer & Tetra Master
    PlayStation(R)Network Downloader
    PlayStation(R)Store
    Portal
    ProductContextNPI
    PunkBuster Services
    QuickTime
    R.U.S.E. Beta
    RandMap
    Readme
    Realtek High Definition Audio Driver
    RivaTuner v2.24
    Safari
    Scan
    ScannerCopy
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB973346)
    Segoe UI
    SkinsHP1
    Skype web features
    Skype™ 4.1
    SlideShow
    SlimDX Redistributable (March 2009)
    SolutionCenter
    Sonic_PrimoSDK
    Sony Vegas Movie Studio 8.0
    SpeedTouch 330
    SpeedTouch USB Software
    Spotify
    SQL Server System CLR Types
    StarCraft II Beta
    Status
    Steam
    Suite Shared Configuration CS4
    TeamSpeak 2 RC2
    TeamViewer 5
    The Endless Forest
    Toolbox
    TrayApp
    Turbine Download Manager - Live
    Unity
    Unload
    Unreal Development Kit: 2010-02
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    VC80CRTRedist - 8.0.50727.4053
    Ventrilo Client
    WebFldrs XP
    WebReg
    WG111v2 Configuration Utility
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows XP Service Pack 3
    WinRAR archiver
    Xfire (remove only)

    ==== Event Viewer Messages From Past Week ========

    6/6/2010 3:00:07 PM, error: Service Control Manager [7023] - The System Monitor service terminated with the following error: A dynamic link library (DLL) initialization routine failed.
    6/6/2010 3:00:07 PM, error: Service Control Manager [7023] - The Helper Windows service terminated with the following error: A dynamic link library (DLL) initialization routine failed.
    6/6/2010 2:58:43 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service BITS with arguments " " in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

    ==== End Of File ===========================
     
    Edis,
    #3
  5. 2010/06/12
    broni

    Now, I'd like to see your Combofix log, since you ran it already.
     
  6. 2010/06/12
    Edis

    Thanks for the swift reply.

    ComboFix.txt

    ComboFix 10-06-06.04 - Tyler 07/06/2010 16:29:50.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2814.2350 [GMT 1:00]
    Running from: c:\documents and settings\Tyler\Desktop\ComboFix.exe
    AV: avast! antivirus 4.8.1368 [VPS 100227-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Tyler\Application Data\.#
    c:\program files\AskSearch\bin\DefaultSearch.dll
    c:\windows\system32\_000126_.tmp.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-05-07 to 2010-06-07 )))))))))))))))))))))))))))))))
    .

    2010-06-07 11:15 . 2010-06-07 11:15 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Rawr
    2010-06-04 17:28 . 2010-06-04 17:28 -------- d-----w- c:\documents and settings\Tyler\Application Data\Dragon Age Toolset
    2010-06-04 17:12 . 2010-06-04 17:12 -------- d-----w- c:\program files\MSXML 6.0
    2010-06-04 17:10 . 2010-06-04 17:15 -------- d-----w- c:\program files\DAODB
    2010-06-04 15:56 . 2010-06-04 15:57 -------- d-----w- c:\documents and settings\Tyler\Application Data\PACE Anti-Piracy
    2010-06-04 15:56 . 2010-06-04 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
    2010-06-04 15:56 . 2010-06-04 15:56 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
    2010-06-04 15:56 . 2010-06-04 15:56 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\PACE Anti-Piracy
    2010-06-04 15:54 . 2010-06-04 15:54 -------- d-----w- c:\program files\Unity
    2010-05-28 14:53 . 2010-05-28 14:53 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\EveMeep_Updater
    2010-05-28 12:19 . 2010-05-28 12:19 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Threat Expert
    2010-05-28 11:13 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
    2010-05-28 11:13 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
    2010-05-28 11:13 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
    2010-05-28 11:13 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\unrar3.dll
    2010-05-28 11:13 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
    2010-05-28 11:13 . 2010-05-28 11:13 -------- d-----w- c:\documents and settings\Tyler\Application Data\Simply Super Software
    2010-05-28 11:13 . 2010-05-28 11:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
    2010-05-28 00:09 . 2010-05-28 00:09 41872 ----a-w- c:\windows\system32\xfcodec.dll
    2010-05-27 19:41 . 2010-05-27 19:41 503808 ----a-w- c:\documents and settings\Tyler\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7f9f018e-n\msvcp71.dll
    2010-05-27 19:41 . 2010-05-27 19:41 499712 ----a-w- c:\documents and settings\Tyler\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7f9f018e-n\jmc.dll
    2010-05-27 19:41 . 2010-05-27 19:41 348160 ----a-w- c:\documents and settings\Tyler\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7f9f018e-n\msvcr71.dll
    2010-05-27 19:41 . 2010-05-27 19:41 61440 ----a-w- c:\documents and settings\Tyler\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-714c64ad-n\decora-sse.dll
    2010-05-27 19:41 . 2010-05-27 19:41 12800 ----a-w- c:\documents and settings\Tyler\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-714c64ad-n\decora-d3d.dll
    2010-05-27 18:08 . 2010-05-27 18:08 -------- d-----w- c:\documents and settings\Tyler\Application Data\teamspeak2
    2010-05-27 18:08 . 2010-05-27 18:08 -------- d-----w- c:\program files\Teamspeak2_RC2
    2010-05-27 18:03 . 2010-05-27 18:03 -------- d-----w- c:\documents and settings\Tyler\Application Data\TS3Client
    2010-05-27 13:43 . 2010-05-27 13:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2010-05-27 13:38 . 2010-05-27 13:39 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Temp
    2010-05-27 13:38 . 2010-05-27 13:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2010-05-27 13:38 . 2010-05-27 13:40 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Google
    2010-05-27 13:38 . 2010-05-27 13:39 -------- d-----w- c:\program files\Google
    2010-05-26 15:12 . 2010-05-26 15:12 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\EveMeep3
    2010-05-26 15:12 . 2010-05-26 15:12 99678 ----a-r- c:\documents and settings\Tyler\Application Data\Microsoft\Installer\{95834A16-084B-4409-B78C-750B15702CFA}\_E9899D3A52B54A6415E79F.exe
    2010-05-26 15:12 . 2010-05-26 15:12 99678 ----a-r- c:\documents and settings\Tyler\Application Data\Microsoft\Installer\{95834A16-084B-4409-B78C-750B15702CFA}\_D0D7B2C4BE083D47D3E75D.exe
    2010-05-26 15:12 . 2010-05-26 15:12 -------- d-----w- c:\program files\Eve-MEEP
    2010-05-26 11:07 . 2010-05-26 11:07 -------- d-sh--w- c:\documents and settings\Tyler\PrivacIE
    2010-05-25 12:39 . 2010-05-25 12:39 4096 ----a-w- c:\windows\d3dx.dat
    2010-05-25 12:24 . 2010-05-25 12:24 -------- d-----w- c:\program files\PlayOnline
    2010-05-25 12:24 . 2010-05-25 12:24 -------- d-----w- c:\program files\Common Files\PlayOnline
    2010-05-22 19:55 . 2010-05-22 19:55 48388 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
    2010-05-22 18:30 . 2010-05-28 21:41 -------- d-----w- c:\program files\PKR
    2010-05-20 15:39 . 2010-05-20 15:39 -------- d-----w- c:\documents and settings\Tyler\.GalleryRemote
    2010-05-17 11:01 . 2010-05-17 11:01 315392 ----a-w- c:\documents and settings\Tyler\Application Data\Sun\Java\Deployment\cache\6.0\16\1791ad0-229c9843-n\jogl.dll
    2010-05-17 11:01 . 2010-05-17 11:01 20480 ----a-w- c:\documents and settings\Tyler\Application Data\Sun\Java\Deployment\cache\6.0\16\1791ad0-229c9843-n\jogl_awt.dll
    2010-05-17 11:01 . 2010-05-17 11:01 114688 ----a-w- c:\documents and settings\Tyler\Application Data\Sun\Java\Deployment\cache\6.0\16\1791ad0-229c9843-n\jogl_cg.dll
    2010-05-15 17:27 . 2010-05-22 19:55 -------- d-----w- c:\program files\StarCraft II Beta
    2010-05-15 17:25 . 2010-05-15 17:25 -------- d-sh--w- c:\documents and settings\Tyler\IETldCache
    2010-05-15 17:25 . 2010-05-15 17:25 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-05-15 15:56 . 2010-05-15 15:56 -------- d-----w- c:\program files\SC2
    2010-05-15 12:04 . 2010-05-15 12:04 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Yahoo
    2010-05-15 12:03 . 2010-05-28 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
    2010-05-15 12:03 . 2010-05-15 12:03 -------- d-----w- c:\documents and settings\Tyler\Application Data\Yahoo!
    2010-05-15 12:03 . 2010-05-29 08:58 -------- d-----w- c:\program files\Yahoo!
    2010-05-15 12:03 . 2010-05-15 12:03 -------- dc-h--w- c:\windows\ie8
    2010-05-15 11:53 . 2010-05-15 11:53 25808 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-05-15 11:53 . 2010-05-15 11:53 -------- d-----w- c:\program files\Safari
    2010-05-15 11:49 . 2010-05-15 11:49 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Opera
    2010-05-15 11:49 . 2010-05-15 11:49 -------- d-----w- c:\program files\Opera
    2010-05-14 11:48 . 2010-05-14 11:48 -------- d-----w- c:\documents and settings\Tyler\.sshterm
    2010-05-14 11:48 . 2010-05-14 11:48 -------- d-----w- c:\documents and settings\Tyler\.ssh
    2010-05-12 21:34 . 2010-05-12 21:34 655360 ----a-w- c:\documents and settings\Tyler\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll
    2010-05-12 21:34 . 2010-05-12 21:34 282624 ----a-w- c:\documents and settings\Tyler\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll
    2010-05-12 21:34 . 2010-05-12 21:34 208896 ----a-w- c:\documents and settings\Tyler\Application Data\Spotify\Gracenote\gnsdk_dsp.dll
    2010-05-09 16:25 . 2010-05-09 16:25 -------- d-----w- c:\documents and settings\Tyler\Application Data\NVIDIA

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-07 14:35 . 2010-01-07 01:02 -------- d-----w- c:\documents and settings\Tyler\Application Data\Spotify
    2010-06-07 13:01 . 2010-01-27 02:26 -------- d-----w- c:\program files\Steam
    2010-06-06 16:34 . 2010-01-24 14:20 -------- d-----w- c:\documents and settings\Tyler\Application Data\Xfire
    2010-06-05 14:03 . 2009-07-18 12:07 -------- d-----w- c:\program files\World of Warcraft
    2010-06-04 17:14 . 2009-10-06 01:26 -------- d-----w- c:\program files\Microsoft SQL Server
    2010-06-04 17:09 . 2009-11-06 12:45 -------- d-----w- c:\program files\Dragon Age
    2010-06-04 15:57 . 2010-03-31 07:10 -------- d-----w- c:\documents and settings\Tyler\Application Data\Unity
    2010-06-03 15:04 . 2010-01-24 14:20 -------- d-----w- c:\program files\Xfire
    2010-06-01 14:15 . 2010-02-11 22:05 1 ----a-w- c:\documents and settings\Tyler\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-05-29 14:33 . 2009-12-30 19:34 -------- d-----w- c:\documents and settings\Tyler\Application Data\FileZilla
    2010-05-28 12:36 . 2009-07-30 15:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-05-28 12:34 . 2009-08-14 18:54 -------- d-----w- c:\program files\Common Files\Ahead
    2010-05-28 12:31 . 2009-07-18 12:32 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-05-27 10:26 . 2009-10-15 12:57 -------- d-----w- c:\documents and settings\Tyler\Application Data\EVEMon
    2010-05-26 15:32 . 2009-07-19 11:51 -------- d-----w- c:\program files\Turbine
    2010-05-25 12:17 . 2009-07-18 12:32 -------- d-----w- c:\program files\EA GAMES
    2010-05-24 21:13 . 2010-03-20 05:41 188704 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-05-24 20:49 . 2010-03-20 05:41 139040 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-05-22 20:10 . 2010-04-10 16:19 -------- d-----w- c:\program files\Heroes of Newerth
    2010-05-22 07:54 . 2009-07-18 12:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-15 17:31 . 2009-08-20 12:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
    2010-05-15 17:31 . 2009-07-18 14:17 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
    2010-05-15 11:53 . 2009-07-18 18:07 -------- d-----w- c:\documents and settings\Tyler\Application Data\Apple Computer
    2010-05-15 11:52 . 2009-07-18 18:06 -------- d-----w- c:\program files\Common Files\Apple
    2010-05-09 16:58 . 2010-05-01 13:10 -------- d-----w- c:\program files\HeroOnline
    2010-05-08 23:05 . 2010-03-05 13:43 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-05-08 23:04 . 2009-07-18 12:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-05-07 19:48 . 2009-11-28 15:56 75 ----a-w- c:\documents and settings\Tyler\jagex_runescape_preferences2.dat
    2010-05-07 19:43 . 2009-07-31 22:20 41 ----a-w- c:\documents and settings\Tyler\jagex_runescape_preferences.dat
    2010-05-02 00:08 . 2010-05-02 00:08 0 ----a-w- c:\documents and settings\Tyler\jagex__preferences3.dat
    2010-05-01 13:09 . 2009-08-15 13:17 -------- d-----w- c:\documents and settings\Tyler\Application Data\BitTorrent
    2010-04-30 18:35 . 2009-09-18 16:19 -------- d-----w- c:\program files\Guild Wars
    2010-04-30 16:40 . 2009-09-02 12:54 -------- d-----w- c:\documents and settings\Tyler\Application Data\TeamViewer
    2010-04-30 16:39 . 2009-09-02 12:54 -------- d-----w- c:\program files\TeamViewer
    2010-04-30 16:33 . 2009-10-17 15:20 -------- d-----w- c:\documents and settings\Tyler\Application Data\Skype
    2010-04-30 16:05 . 2009-10-17 15:21 -------- d-----w- c:\documents and settings\Tyler\Application Data\skypePM
    2010-04-29 14:39 . 2009-07-18 12:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 14:39 . 2009-07-18 12:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-21 10:00 . 2010-04-21 10:00 -------- d-----w- c:\program files\Bethesda Softworks
    2010-04-20 17:05 . 2010-04-18 12:59 -------- d-----w- c:\program files\Diablo II
    2010-04-18 13:25 . 2010-04-18 13:07 35246 ----a-w- c:\windows\DIIUnin.dat
    2010-04-18 13:23 . 2010-04-18 13:08 21840 ----atw- c:\windows\system32\SIntfNT.dll
    2010-04-18 13:23 . 2010-04-18 13:08 17212 ----atw- c:\windows\system32\SIntf32.dll
    2010-04-18 13:23 . 2010-04-18 13:08 12067 ----atw- c:\windows\system32\SIntf16.dll
    2010-04-18 13:07 . 2010-04-18 13:07 94208 ----a-w- c:\windows\DIIUnin.exe
    2010-04-18 13:07 . 2010-04-18 13:07 2829 ----a-w- c:\windows\DIIUnin.pif
    2010-04-17 20:56 . 2009-10-15 12:57 -------- d-----w- c:\program files\EVEMon
    2010-04-13 13:37 . 2010-04-13 13:37 278120 ----a-w- c:\windows\system32\nvmccs.dll
    2010-04-06 13:16 . 2009-07-18 12:24 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
    2010-03-29 14:59 . 2010-03-29 15:00 151552 ----a-w- c:\windows\system32\nvRegDev.dll
    2010-03-20 05:41 . 2010-03-20 05:41 139152 ----a-w- c:\documents and settings\Tyler\Application Data\PnkBstrK.sys
    2010-03-20 05:41 . 2010-03-20 05:41 139152 ----a-w- c:\documents and settings\Tyler\Application Data\PnkBstrK.sys
    2010-03-20 05:41 . 2010-03-20 05:41 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2010-03-20 05:41 . 2010-03-20 05:41 2359592 ----a-w- c:\windows\system32\pbsvc_apb.exe
    2009-03-21 14:06 . 2004-08-04 12:00 164972 --sha-r- c:\windows\system32\sqluqt.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr "= "c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "igndlm.exe "= "c:\program files\Download Manager\dlm.exe" [2009-05-14 1103216]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "IntelliPoint "= "c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "LiveZilla "= "c:\program files\LiveZilla\LiveZilla.exe" [2009-12-28 2656808]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "RTHDCPL "= "RTHDCPL.EXE" [2009-11-17 18789408]
    "RivaTunerStartupDaemon "= "c:\program files\RivaTuner v2.24\RivaTuner.exe" [2009-02-25 2781184]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2010-04-13 13670504]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2010-04-13 110696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "WIAWizardMenu "= "c:\windows\system32\sti_ci.dll" [2008-04-14 136704]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "WUAppSetup "= "c:\program files\Common Files\logishrd\WUApp32.exe" [2007-02-03 430080]

    c:\documents and settings\Tyler\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
    Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-5-28 3493264]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\EA GAMES\\Battlefield 2 Demo\\BF2.exe "=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe "=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe "=
    "c:\\Program Files\\Thomson\\ST330\\service\\st330service.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe "=
    "c:\\Program Files\\Spotify\\spotify.exe "=
    "c:\\Program Files\\Steam\\Steam.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe "=
    "c:\\Program Files\\Steam\\steamapps\\common\\r.u.s.e. beta\\Ruse.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=
    "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe "=
    "c:\\Program Files\\Opera\\opera.exe "=
    "c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineMessageService.exe "=
    "c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineNetworkService.exe "=
    "c:\\Program Files\\Steam\\steamapps\\common\\global agenda live\\Binaries\\GlobalAgenda.exe "=
    "c:\\Program Files\\Dragon Age\\tools\\DragonAgeToolset.exe "=
    "c:\\Program Files\\Dragon Age\\tools\\RPU.exe "=
    "c:\\Program Files\\Dragon Age\\tools\\lightmapper\\eclipseRay.exe "=
    "c:\\Program Files\\Dragon Age\\tools\\GffEditor.exe "=
    "c:\\Program Files\\Dragon Age\\tools\\ErfEditor.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP "= 3389:TCP:mad:xpsp2res.dll,-22009
    "5369:TCP "= 5369:TCP:hbyxanp

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/19/2009 3:01 PM 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/19/2009 3:01 PM 20560]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [12/24/2009 3:08 PM 66048]
    R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/25/2008 5:31 AM 29263712]
    S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/14/2009 10:48 AM 721904]
    S2 aysxilw;System Monitor;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 1:00 PM 14336]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/27/2010 2:38 PM 136176]
    S2 wfmamv;Helper Windows;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 1:00 PM 14336]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [7/18/2009 3:14 PM 1684736]
    S3 cpuz130;cpuz130;\??\c:\docume~1\Tyler\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Tyler\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
    S3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [11/4/2009 3:07 PM 271856]
    S3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [11/4/2009 3:07 PM 218608]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [9/3/2009 8:28 PM 30464]
    S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [9/3/2009 8:28 PM 12672]
    S3 STETH;SpeedTouch Ethernet Adapter NT Driver;c:\windows\system32\drivers\steth.sys [9/3/2009 8:28 PM 40320]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    aysxilw
    wfmamv

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-27 13:38]

    2010-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-27 13:38]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant =
    FF - ProfilePath - c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\
    FF - prefs.js: browser.search.selectedEngine - Ask
    FF - prefs.js: browser.startup.homepage - c:\\Documents and Settings\\Tyler\\My Documents\\homepage.html
    FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
    FF - component: c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCore.dll
    FF - plugin: c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
    FF - plugin: c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
    FF - plugin: c:\documents and settings\Tyler\Application Data\Mozilla\plugins\npoctoshape.dll
    FF - plugin: c:\documents and settings\Tyler\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Download Manager\npfpdlm.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Sony\Media Go\npmediago.dll

    ---- FIREFOX POLICIES ----
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
    HKLM-Run-nwiz - nwiz.exe
    AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
    AddRemove-hon - c:\program files\Heroes of Newerth Test Client\uninstall.exe
    AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
    AddRemove-{3B11D799-48E0-48ED-BFD7-EA655676D8BB} - c:\program files\Common Files\BioWare\Uninstall Dragon Age Toolset.exe
    AddRemove-UnityWebPlayer - c:\documents and settings\Tyler\Local Settings\Application Data\Unity\WebPlayer\Uninstall.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-06-07 16:33
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath "= "c:\windows\system32\GameMon.des -service "

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\st330service]
    "ImagePath "= "C:\Program Files/Thomson/ST330/service/st330service.exe -service "

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aysxilw]
    "ServiceDll "= "c:\windows\system32\sqluqt.dll "
    --

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wfmamv]
    "ServiceDll "= "c:\windows\system32\sqluqt.dll "
    .
    Completion time: 2010-06-07 16:35:04
    ComboFix-quarantined-files.txt 2010-06-07 15:34

    Pre-Run: 34,604,634,112 bytes free
    Post-Run: 35,835,174,912 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - FD07A20D8509B2E39254E2D4406C46DA
     
  7. 2010/06/12
    broni

    broni Moderator Malware Analyst

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\sqluqt.dll
    
    
    Driver::
    aysxilw
    wfmamv
    
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"=-
    "5369:TCP"=-
    [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aysxilw]
    [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wfmamv]
    
    
    NetSvc::
    aysxilw
    wfmamv
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  8. 2010/06/12
    Edis

    Edis Inactive Thread Starter

    ComboFix 10-06-06.04 - Tyler 12/06/2010 23:11:34.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2814.2102 [GMT 1:00]
    Running from: c:\documents and settings\Tyler\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Tyler\Desktop\CFScript.txt
    AV: avast! antivirus 4.8.1368 [VPS 100227-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    FILE ::
    "c:\windows\system32\sqluqt.dll "
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\sqluqt.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_AYSXILW
    -------\Legacy_WFMAMV
    -------\Service_aysxilw
    -------\Service_wfmamv


    ((((((((((((((((((((((((( Files Created from 2010-05-12 to 2010-06-12 )))))))))))))))))))))))))))))))
    .

    2010-06-11 23:38 . 2010-06-11 23:38 -------- d-----w- c:\program files\Stunlock Studios
    2010-06-11 23:37 . 2010-06-11 23:37 -------- d-----w- c:\program files\Microsoft XNA
    2010-06-07 11:15 . 2010-06-07 11:15 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Rawr
    2010-06-04 17:28 . 2010-06-04 17:28 -------- d-----w- c:\documents and settings\Tyler\Application Data\Dragon Age Toolset
    2010-06-04 17:12 . 2010-06-04 17:12 -------- d-----w- c:\program files\MSXML 6.0
    2010-06-04 17:10 . 2010-06-04 17:15 -------- d-----w- c:\program files\DAODB
    2010-06-04 15:56 . 2010-06-04 15:57 -------- d-----w- c:\documents and settings\Tyler\Application Data\PACE Anti-Piracy
    2010-06-04 15:56 . 2010-06-04 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
    2010-06-04 15:56 . 2010-06-04 15:56 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
    2010-06-04 15:56 . 2010-06-04 15:56 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\PACE Anti-Piracy
    2010-06-04 15:54 . 2010-06-04 15:54 -------- d-----w- c:\program files\Unity
    2010-05-28 14:53 . 2010-05-28 14:53 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\EveMeep_Updater
    2010-05-28 12:19 . 2010-05-28 12:19 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Threat Expert
    2010-05-28 11:13 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
    2010-05-28 11:13 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
    2010-05-28 11:13 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
    2010-05-28 11:13 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\unrar3.dll
    2010-05-28 11:13 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
    2010-05-28 11:13 . 2010-05-28 11:13 -------- d-----w- c:\documents and settings\Tyler\Application Data\Simply Super Software
    2010-05-28 11:13 . 2010-05-28 11:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
    2010-05-28 00:09 . 2010-05-28 00:09 41872 ----a-w- c:\windows\system32\xfcodec.dll
    2010-05-27 18:08 . 2010-05-27 18:08 -------- d-----w- c:\documents and settings\Tyler\Application Data\teamspeak2
    2010-05-27 18:08 . 2010-05-27 18:08 -------- d-----w- c:\program files\Teamspeak2_RC2
    2010-05-27 18:03 . 2010-05-27 18:03 -------- d-----w- c:\documents and settings\Tyler\Application Data\TS3Client
    2010-05-27 13:43 . 2010-05-27 13:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2010-05-27 13:38 . 2010-05-27 13:39 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Temp
    2010-05-27 13:38 . 2010-05-27 13:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2010-05-27 13:38 . 2010-05-27 13:40 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Google
    2010-05-27 13:38 . 2010-05-27 13:39 -------- d-----w- c:\program files\Google
    2010-05-26 15:12 . 2010-05-26 15:12 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\EveMeep3
    2010-05-26 15:12 . 2010-05-26 15:12 -------- d-----w- c:\program files\Eve-MEEP
    2010-05-26 11:07 . 2010-05-26 11:07 -------- d-sh--w- c:\documents and settings\Tyler\PrivacIE
    2010-05-25 12:39 . 2010-05-25 12:39 4096 ----a-w- c:\windows\d3dx.dat
    2010-05-25 12:24 . 2010-05-25 12:24 -------- d-----w- c:\program files\PlayOnline
    2010-05-25 12:24 . 2010-05-25 12:24 -------- d-----w- c:\program files\Common Files\PlayOnline
    2010-05-22 18:30 . 2010-05-28 21:41 -------- d-----w- c:\program files\PKR
    2010-05-20 15:39 . 2010-05-20 15:39 -------- d-----w- c:\documents and settings\Tyler\.GalleryRemote
    2010-05-15 17:27 . 2010-05-22 19:55 -------- d-----w- c:\program files\StarCraft II Beta
    2010-05-15 17:25 . 2010-05-15 17:25 -------- d-sh--w- c:\documents and settings\Tyler\IETldCache
    2010-05-15 17:25 . 2010-05-15 17:25 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-05-15 15:56 . 2010-05-15 15:56 -------- d-----w- c:\program files\SC2
    2010-05-15 12:04 . 2010-05-15 12:04 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Yahoo
    2010-05-15 12:03 . 2010-05-28 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
    2010-05-15 12:03 . 2010-05-15 12:03 -------- d-----w- c:\documents and settings\Tyler\Application Data\Yahoo!
    2010-05-15 12:03 . 2010-05-29 08:58 -------- d-----w- c:\program files\Yahoo!
    2010-05-15 12:03 . 2010-05-15 12:03 -------- dc-h--w- c:\windows\ie8
    2010-05-15 11:53 . 2010-05-15 11:53 25808 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-05-15 11:53 . 2010-05-15 11:53 -------- d-----w- c:\program files\Safari
    2010-05-15 11:49 . 2010-05-15 11:49 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Opera
    2010-05-15 11:49 . 2010-05-15 11:49 -------- d-----w- c:\program files\Opera
    2010-05-14 11:48 . 2010-05-14 11:48 -------- d-----w- c:\documents and settings\Tyler\.sshterm
    2010-05-14 11:48 . 2010-05-14 11:48 -------- d-----w- c:\documents and settings\Tyler\.ssh

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-12 22:07 . 2010-01-24 14:20 -------- d-----w- c:\documents and settings\Tyler\Application Data\Xfire
    2010-06-12 22:03 . 2010-01-07 01:02 -------- d-----w- c:\documents and settings\Tyler\Application Data\Spotify
    2010-06-12 18:30 . 2010-01-27 02:26 -------- d-----w- c:\program files\Steam
    2010-06-11 23:36 . 2009-08-26 21:09 -------- d-----w- c:\program files\Windows Live Safety Center
    2010-06-11 22:47 . 2009-08-15 13:17 -------- d-----w- c:\documents and settings\Tyler\Application Data\BitTorrent
    2010-06-09 22:38 . 2009-10-15 12:57 -------- d-----w- c:\documents and settings\Tyler\Application Data\EVEMon
    2010-06-09 20:06 . 2009-07-18 12:07 -------- d-----w- c:\program files\World of Warcraft
    2010-06-08 21:46 . 2009-12-30 19:34 -------- d-----w- c:\documents and settings\Tyler\Application Data\FileZilla
    2010-06-04 17:14 . 2009-10-06 01:26 -------- d-----w- c:\program files\Microsoft SQL Server
    2010-06-04 17:09 . 2009-11-06 12:45 -------- d-----w- c:\program files\Dragon Age
    2010-06-04 15:57 . 2010-03-31 07:10 -------- d-----w- c:\documents and settings\Tyler\Application Data\Unity
    2010-06-03 15:04 . 2010-01-24 14:20 -------- d-----w- c:\program files\Xfire
    2010-05-28 12:36 . 2009-07-30 15:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-05-28 12:34 . 2009-08-14 18:54 -------- d-----w- c:\program files\Common Files\Ahead
    2010-05-28 12:31 . 2009-07-18 12:32 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-05-26 15:32 . 2009-07-19 11:51 -------- d-----w- c:\program files\Turbine
    2010-05-25 12:17 . 2009-07-18 12:32 -------- d-----w- c:\program files\EA GAMES
    2010-05-24 21:13 . 2010-03-20 05:41 188704 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-05-24 20:49 . 2010-03-20 05:41 139040 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-05-22 20:10 . 2010-04-10 16:19 -------- d-----w- c:\program files\Heroes of Newerth
    2010-05-22 07:54 . 2009-07-18 12:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-15 17:31 . 2009-08-20 12:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
    2010-05-15 17:31 . 2009-07-18 14:17 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
    2010-05-15 11:53 . 2009-07-18 18:07 -------- d-----w- c:\documents and settings\Tyler\Application Data\Apple Computer
    2010-05-15 11:52 . 2009-07-18 18:06 -------- d-----w- c:\program files\Common Files\Apple
    2010-05-09 16:58 . 2010-05-01 13:10 -------- d-----w- c:\program files\HeroOnline
    2010-05-09 16:25 . 2010-05-09 16:25 -------- d-----w- c:\documents and settings\Tyler\Application Data\NVIDIA
    2010-05-08 23:05 . 2010-03-05 13:43 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-05-08 23:04 . 2009-07-18 12:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-05-07 19:48 . 2009-11-28 15:56 75 ----a-w- c:\documents and settings\Tyler\jagex_runescape_preferences2.dat
    2010-05-07 19:43 . 2009-07-31 22:20 41 ----a-w- c:\documents and settings\Tyler\jagex_runescape_preferences.dat
    2010-05-02 00:08 . 2010-05-02 00:08 0 ----a-w- c:\documents and settings\Tyler\jagex__preferences3.dat
    2010-04-30 18:35 . 2009-09-18 16:19 -------- d-----w- c:\program files\Guild Wars
    2010-04-30 16:40 . 2009-09-02 12:54 -------- d-----w- c:\documents and settings\Tyler\Application Data\TeamViewer
    2010-04-30 16:39 . 2009-09-02 12:54 -------- d-----w- c:\program files\TeamViewer
    2010-04-30 16:33 . 2009-10-17 15:20 -------- d-----w- c:\documents and settings\Tyler\Application Data\Skype
    2010-04-30 16:05 . 2009-10-17 15:21 -------- d-----w- c:\documents and settings\Tyler\Application Data\skypePM
    2010-04-29 14:39 . 2009-07-18 12:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 14:39 . 2009-07-18 12:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-21 10:00 . 2010-04-21 10:00 -------- d-----w- c:\program files\Bethesda Softworks
    2010-04-20 17:05 . 2010-04-18 12:59 -------- d-----w- c:\program files\Diablo II
    2010-04-18 13:25 . 2010-04-18 13:07 35246 ----a-w- c:\windows\DIIUnin.dat
    2010-04-18 13:23 . 2010-04-18 13:08 21840 ----atw- c:\windows\system32\SIntfNT.dll
    2010-04-18 13:23 . 2010-04-18 13:08 17212 ----atw- c:\windows\system32\SIntf32.dll
    2010-04-18 13:23 . 2010-04-18 13:08 12067 ----atw- c:\windows\system32\SIntf16.dll
    2010-04-18 13:07 . 2010-04-18 13:07 94208 ----a-w- c:\windows\DIIUnin.exe
    2010-04-18 13:07 . 2010-04-18 13:07 2829 ----a-w- c:\windows\DIIUnin.pif
    2010-04-17 20:56 . 2009-10-15 12:57 -------- d-----w- c:\program files\EVEMon
    2010-04-13 13:37 . 2010-04-13 13:37 278120 ----a-w- c:\windows\system32\nvmccs.dll
    2010-04-06 13:16 . 2009-07-18 12:24 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
    2010-03-29 14:59 . 2010-03-29 15:00 151552 ----a-w- c:\windows\system32\nvRegDev.dll
    2010-03-20 05:41 . 2010-03-20 05:41 139152 ----a-w- c:\documents and settings\Tyler\Application Data\PnkBstrK.sys
    2010-03-20 05:41 . 2010-03-20 05:41 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2010-03-20 05:41 . 2010-03-20 05:41 2359592 ----a-w- c:\windows\system32\pbsvc_apb.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-06-07_15.33.29 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-06-12 22:20 . 2010-06-12 22:20 16384 c:\windows\Temp\Perflib_Perfdata_79c.dat
    + 2010-06-12 22:20 . 2010-06-12 22:20 16384 c:\windows\Temp\Perflib_Perfdata_17c.dat
    + 2010-06-11 22:56 . 2010-06-11 22:56 94208 c:\windows\assembly\GAC_MSIL\Microsoft.Xna.Framework.Game\1.0.0.0__6d5c3888ef60e27d\Microsoft.Xna.Framework.Game.dll
    + 2010-06-11 23:37 . 2010-06-11 23:37 98304 c:\windows\assembly\GAC_32\Microsoft.Xna.Framework.Game\3.1.0.0__6d5c3888ef60e27d\Microsoft.Xna.Framework.Game.dll
    + 2010-06-11 23:39 . 2010-06-11 23:39 5430 c:\windows\Installer\{BC90276B-BE38-451C-8E4D-FF28FF08ABF6}\_97FD91C37354ACBFB8109E.exe
    + 2010-06-11 23:39 . 2010-06-11 23:39 5430 c:\windows\Installer\{BC90276B-BE38-451C-8E4D-FF28FF08ABF6}\_6FEFF9B68218417F98F549.exe
    + 2010-06-11 23:39 . 2010-06-11 23:39 5430 c:\windows\Installer\{BC90276B-BE38-451C-8E4D-FF28FF08ABF6}\_03FE117FC2F9340045654C.exe
    + 2010-06-08 00:06 . 2010-06-08 00:06 231888 c:\windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe
    + 2010-06-11 23:37 . 2010-06-11 23:37 892416 c:\windows\Installer\51a62c.msi
    + 2010-06-11 22:57 . 2010-06-11 22:57 747008 c:\windows\Installer\2ceb95.msi
    + 2010-06-11 22:56 . 2010-06-11 22:56 700416 c:\windows\assembly\GAC_32\Microsoft.Xna.Framework\1.0.0.0__6d5c3888ef60e27d\Microsoft.Xna.Framework.dll
    + 2010-01-27 01:07 . 2010-06-08 00:06 5612496 c:\windows\system32\Macromed\Flash\NPSWF32.dll
    + 2010-06-11 23:39 . 2010-06-11 23:39 1059840 c:\windows\Installer\51a630.msi
    + 2010-06-11 23:37 . 2010-06-11 23:37 1034752 c:\windows\assembly\GAC_32\Microsoft.Xna.Framework\3.1.0.0__6d5c3888ef60e27d\Microsoft.Xna.Framework.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr "= "c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "igndlm.exe "= "c:\program files\Download Manager\dlm.exe" [2009-05-14 1103216]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "IntelliPoint "= "c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "LiveZilla "= "c:\program files\LiveZilla\LiveZilla.exe" [2009-12-28 2656808]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "RTHDCPL "= "RTHDCPL.EXE" [2009-11-17 18789408]
    "RivaTunerStartupDaemon "= "c:\program files\RivaTuner v2.24\RivaTuner.exe" [2009-02-25 2781184]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2010-04-13 13670504]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2010-04-13 110696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "WIAWizardMenu "= "c:\windows\system32\sti_ci.dll" [2008-04-14 136704]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "WUAppSetup "= "c:\program files\Common Files\logishrd\WUApp32.exe" [2007-02-03 430080]

    c:\documents and settings\Tyler\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
    Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-5-28 3493264]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\EA GAMES\\Battlefield 2 Demo\\BF2.exe "=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe "=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe "=
    "c:\\Program Files\\Thomson\\ST330\\service\\st330service.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe "=
    "c:\\Program Files\\Spotify\\spotify.exe "=
    "c:\\Program Files\\Steam\\Steam.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe "=
    "c:\\Program Files\\Steam\\steamapps\\common\\r.u.s.e. beta\\Ruse.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=
    "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe "=
    "c:\\Program Files\\Opera\\opera.exe "=
    "c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineMessageService.exe "=
    "c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineNetworkService.exe "=
    "c:\\Program Files\\Dragon Age\\tools\\DragonAgeToolset.exe "=
    "c:\\Program Files\\Dragon Age\\tools\\RPU.exe "=
    "c:\\Program Files\\Dragon Age\\tools\\lightmapper\\eclipseRay.exe "=
    "c:\\Program Files\\Dragon Age\\tools\\GffEditor.exe "=
    "c:\\Program Files\\Dragon Age\\tools\\ErfEditor.exe "=
    "c:\\Program Files\\Steam\\steamapps\\common\\global agenda live\\Binaries\\GlobalAgenda.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP "= 3389:TCP:@xpsp2res.dll,-22009
    "5369:TCP "= 5369:TCP:hbyxanp

    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/14/2009 10:48 AM 721904]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/19/2009 3:01 PM 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/19/2009 3:01 PM 20560]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [12/24/2009 3:08 PM 66048]
    R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/25/2008 5:31 AM 29263712]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/27/2010 2:38 PM 136176]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [7/18/2009 3:14 PM 1684736]
    S3 cpuz130;cpuz130;\??\c:\docume~1\Tyler\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Tyler\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
    S3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [11/4/2009 3:07 PM 271856]
    S3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [11/4/2009 3:07 PM 218608]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [9/3/2009 8:28 PM 30464]
    S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [9/3/2009 8:28 PM 12672]
    S3 STETH;SpeedTouch Ethernet Adapter NT Driver;c:\windows\system32\drivers\steth.sys [9/3/2009 8:28 PM 40320]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-27 13:38]

    2010-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-27 13:38]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant =
    FF - ProfilePath - c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\
    FF - prefs.js: browser.search.selectedEngine - Ask
    FF - prefs.js: browser.startup.homepage - c:\\Documents and Settings\\Tyler\\My Documents\\homepage.html
    FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
    FF - component: c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCore.dll
    FF - plugin: c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
    FF - plugin: c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
    FF - plugin: c:\documents and settings\Tyler\Application Data\Mozilla\plugins\npoctoshape.dll
    FF - plugin: c:\documents and settings\Tyler\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Download Manager\npfpdlm.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Sony\Media Go\npmediago.dll

    ---- FIREFOX POLICIES ----
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-06-12 23:21
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\documents and settings\Tyler\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1715567821-884357618-839522115-1003\6a97f5eba4ec770afec0a8c0e36128a5_c0182b99-976b-46a8-8844-bc2c87d358a6 1310 bytes
    c:\documents and settings\Tyler\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1715567821-884357618-839522115-1003\ee609c5df99eae0e94b2ccd6210ff107_c0182b99-976b-46a8-8844-bc2c87d358a6 1310 bytes

    scan completed successfully
    hidden files: 2

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AB061F8]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xb810cf28
    \Driver\ACPI -> ACPI.sys @ 0xb7e66cb8
    \Driver\atapi -> atapi.sys @ 0xb7dfbb40
    IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
    ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
    ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
    NDIS: NVIDIA nForce 10/100/1000 Mbps Ethernet -> SendCompleteHandler -> NDIS.sys @ 0xb7cdfbb0
    PacketIndicateHandler -> NDIS.sys @ 0xb7ccea0d
    SendHandler -> NDIS.sys @ 0xb7ce2b40
    user & kernel MBR OK

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath "= "c:\windows\system32\GameMon.des -service "

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\st330service]
    "ImagePath "= "C:\Program Files/Thomson/ST330/service/st330service.exe -service "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2476)
    c:\program files\Xfire\xfire_toucan_42784.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\OneX.DLL
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\program files\Thomson\ST330\service\st330service.exe
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\windows\RTHDCPL.EXE
    c:\windows\system32\RUNDLL32.EXE
    c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Common Files\Java\Java Update\jucheck.exe
    .
    **************************************************************************
    .
    Completion time: 2010-06-12 23:27:10 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-06-12 22:27
    ComboFix2.txt 2010-06-07 15:35

    Pre-Run: 34,220,912,640 bytes free
    Post-Run: 34,171,633,664 bytes free

    - - End Of File - - 6975BAADEE976499906F76DC6180AC1B
     
  9. 2010/06/12
    broni

    broni Moderator Malware Analyst

    How is your access to security sites?

    Download GMER: http://www.gmer.net/files.php, by clicking on the Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.
     
  10. 2010/06/13
    Edis

    Edis Inactive Thread Starter

    I can access Microsoft & all security sites now.

    Oddly I just got a BSOD after scanning for half an hour or so with GMER. I'll try again.
     
  11. 2010/06/13
    Edis

    Edis Inactive Thread Starter

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-06-13 13:42:16
    Windows 5.1.2600 Service Pack 3
    Running: ymc557bh.exe; Driver: C:\DOCUME~1\Tyler\LOCALS~1\Temp\kgriykow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA73756B8]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA7375574]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA7375A52]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA737514C]
    SSDT spdh.sys ZwEnumerateKey [0xB7EC5CA4]
    SSDT spdh.sys ZwEnumerateValueKey [0xB7EC6032]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA737564E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA737508C]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA73750F0]
    SSDT spdh.sys ZwQueryKey [0xB7EC610A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA737576E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA737572E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA73758AE]

    INT 0x62 ? 8AB06BF8
    INT 0x63 ? 8AB09BF8
    INT 0x73 ? 8AB09BF8
    INT 0x73 ? 8AB05BF8
    INT 0x73 ? 8AB09BF8
    INT 0xB4 ? 8AB09BF8

    ---- Kernel code sections - GMER 1.0.15 ----

    ? spdh.sys The system cannot find the file specified. !
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB535B380, 0x566445, 0xE8000020]
    .text USBPORT.SYS!DllUnload B533B8AC 5 Bytes JMP 8AB051D8
    .text arwapgma.SYS B51B6386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
    .text arwapgma.SYS B51B63AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
    .text arwapgma.SYS B51B63C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
    .text arwapgma.SYS B51B63C9 1 Byte [30]
    .text arwapgma.SYS B51B63C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
    .text ...

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EA8042] spdh.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EA813E] spdh.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EA80C0] spdh.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EA8800] spdh.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EA86D6] spdh.sys
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EB7E9C] spdh.sys
    IAT \SystemRoot\System32\Drivers\arwapgma.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
    IAT \SystemRoot\System32\Drivers\arwapgma.SYS[HAL.dll!READ_PORT_UCHAR] 1C8D9E88
    IAT \SystemRoot\System32\Drivers\arwapgma.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
    IAT \SystemRoot\System32\Drivers\arwapgma.SYS[HAL.dll!KfRaiseIrql] 00001CA9
    IAT \SystemRoot\System32\Drivers\arwapgma.SYS[HAL.dll!KfLowerIrql] 0E798366
    IAT \SystemRoot\System32\Drivers\arwapgma.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
    IAT \SystemRoot\System32\Drivers\arwapgma.SYS[HAL.dll!HalTranslateBusAddress] 8186C636
    IAT \SystemRoot\System32\Drivers\arwapgma.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
    IAT \SystemRoot\System32\Drivers\arwapgma.SYS[HAL.dll!KfReleaseSpinLock] 1C8386C6
    IAT \SystemRoot\System32\Drivers\arwapgma.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
    IAT \SystemRoot\System32\Drivers\arwapgma.SYS[HAL.dll!READ_PORT_USHORT] 001C8E86
    IAT \SystemRoot\System32\Drivers\arwapgma.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
    IAT \SystemRoot\System32\Drivers\arwapgma.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CAA
    IAT \SystemRoot\System32\Drivers\arwapgma.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
    IAT \SystemRoot\System32\Drivers\arwapgma.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB19E

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 8AB041F8

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \Driver\usbohci \Device\USBPDO-0 8A8711F8
    Device \Driver\dmio \Device\DmControl\DmIoDaemon 8AA971F8
    Device \Driver\dmio \Device\DmControl\DmConfig 8AA971F8
    Device \Driver\dmio \Device\DmControl\DmPnP 8AA971F8
    Device \Driver\dmio \Device\DmControl\DmInfo 8AA971F8
    Device \Driver\usbehci \Device\USBPDO-1 8A8641F8

    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \Driver\Ftdisk \Device\HarddiskVolume1 8AB071F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{FA37623B-E904-4FD6-B27E-3FF210407A7C} 8A704500
    Device \Driver\sptd \Device\2893494918 spdh.sys
    Device \Driver\Cdrom \Device\CdRom0 8A8571F8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 8AB071F8
    Device \Driver\Cdrom \Device\CdRom1 8A8571F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort0 [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\usbstor \Device\00000076 8A711500
    Device \Driver\NetBT \Device\NetBt_Wins_Export 8A704500
    Device \Driver\NetBT \Device\NetBT_Tcpip_{BA03CBA6-B98C-488B-9674-8B6B6A94186B} 8A704500
    Device \Driver\NetBT \Device\NetbiosSmb 8A704500
    Device \Driver\PCI_PNP9918 \Device\0000004e spdh.sys

    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \Driver\usbohci \Device\USBFDO-0 8A8711F8
    Device \Driver\usbehci \Device\USBFDO-1 8A8641F8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 888F01F8
    Device \Driver\usbstor \Device\0000007b 8A711500
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 888F01F8
    Device \Driver\usbstor \Device\0000007c 8A711500
    Device \Driver\usbstor \Device\0000007d 8A711500
    Device \Driver\Ftdisk \Device\FtControl 8AB071F8
    Device \Driver\usbstor \Device\0000007e 8A711500
    Device \Driver\arwapgma \Device\Scsi\arwapgma1 8A8401F8
    Device \Driver\arwapgma \Device\Scsi\arwapgma1Port5Path0Target0Lun0 8A8401F8
    Device \Driver\nvgts \Device\Scsi\nvgts1Port2Path0Target0Lun0 8AA961F8
    Device \Driver\nvgts \Device\Scsi\nvgts1 8AA961F8
    Device \Driver\nvgts \Device\Scsi\nvgts2 8AA961F8
    Device \Driver\nvgts \Device\Scsi\nvgts3 8AA961F8
    Device \FileSystem\Cdfs \Cdfs 888911F8

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8A 0xEA 0x32 0x0B ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBE 0x0C 0xA3 0xBC ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x09 0xE2 0x9D 0x65 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8A 0xEA 0x32 0x0B ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBE 0x0C 0xA3 0xBC ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x09 0xE2 0x9D 0x65 ...

    ---- EOF - GMER 1.0.15 ----
     
  12. 2010/06/13
    broni

    broni Moderator Malware Analyst

    Delete your Combofix file, download a new one, run it and post a fresh log.
     
  13. 2010/06/14
    Edis

    Edis Inactive Thread Starter

    The log was far too long (~218k characters) to post, so I omitted the "snapshot" section, which seemed to be listing every single DLL on my machine.

    ComboFix 10-06-13.04 - Tyler 14/06/2010 13:26:53.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2814.2298 [GMT 1:00]
    Running from: c:\documents and settings\Tyler\Desktop\ComboFix.exe
    AV: avast! antivirus 4.8.1368 [VPS 100227-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((( Files Created from 2010-05-14 to 2010-06-14 )))))))))))))))))))))))))))))))
    .

    2010-06-13 16:40 . 2010-06-13 16:40 285680 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1715567821-884357618-839522115-1003-0.dat
    2010-06-13 16:40 . 2010-06-13 16:40 249274 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    2010-06-13 13:42 . 2009-07-23 03:08 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
    2010-06-13 13:42 . 2009-07-23 03:08 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
    2010-06-13 13:41 . 2010-06-13 13:41 -------- d-----w- c:\windows\system32\RsFx
    2010-06-13 13:38 . 2010-06-13 13:38 -------- d-----w- c:\program files\Microsoft Synchronization Services
    2010-06-13 13:38 . 2010-06-13 13:38 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2010-06-13 13:37 . 2010-06-13 13:44 188128 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
    2010-06-13 13:36 . 2010-06-13 13:36 -------- d-----w- c:\program files\Microsoft Help Viewer
    2010-06-13 13:36 . 2010-06-13 13:43 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
    2010-06-11 23:38 . 2010-06-11 23:38 -------- d-----w- c:\program files\Stunlock Studios
    2010-06-11 23:37 . 2010-06-11 23:37 -------- d-----w- c:\program files\Microsoft XNA
    2010-06-07 11:15 . 2010-06-07 11:15 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Rawr
    2010-06-04 17:28 . 2010-06-04 17:28 -------- d-----w- c:\documents and settings\Tyler\Application Data\Dragon Age Toolset
    2010-06-04 17:12 . 2010-06-04 17:12 -------- d-----w- c:\program files\MSXML 6.0
    2010-06-04 17:10 . 2010-06-04 17:15 -------- d-----w- c:\program files\DAODB
    2010-06-04 15:56 . 2010-06-04 15:57 -------- d-----w- c:\documents and settings\Tyler\Application Data\PACE Anti-Piracy
    2010-06-04 15:56 . 2010-06-04 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
    2010-06-04 15:56 . 2010-06-04 15:56 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
    2010-06-04 15:56 . 2010-06-04 15:56 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\PACE Anti-Piracy
    2010-06-04 15:54 . 2010-06-04 15:54 -------- d-----w- c:\program files\Unity
    2010-05-28 14:53 . 2010-05-28 14:53 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\EveMeep_Updater
    2010-05-28 12:19 . 2010-05-28 12:19 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Threat Expert
    2010-05-28 11:13 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
    2010-05-28 11:13 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
    2010-05-28 11:13 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
    2010-05-28 11:13 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\unrar3.dll
    2010-05-28 11:13 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
    2010-05-28 11:13 . 2010-05-28 11:13 -------- d-----w- c:\documents and settings\Tyler\Application Data\Simply Super Software
    2010-05-28 11:13 . 2010-05-28 11:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
    2010-05-28 00:09 . 2010-05-28 00:09 41872 ----a-w- c:\windows\system32\xfcodec.dll
    2010-05-27 19:41 . 2010-05-27 19:41 503808 ----a-w- c:\documents and settings\Tyler\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7f9f018e-n\msvcp71.dll
    2010-05-27 19:41 . 2010-05-27 19:41 499712 ----a-w- c:\documents and settings\Tyler\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7f9f018e-n\jmc.dll
    2010-05-27 19:41 . 2010-05-27 19:41 348160 ----a-w- c:\documents and settings\Tyler\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7f9f018e-n\msvcr71.dll
    2010-05-27 19:41 . 2010-05-27 19:41 61440 ----a-w- c:\documents and settings\Tyler\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-714c64ad-n\decora-sse.dll
    2010-05-27 19:41 . 2010-05-27 19:41 12800 ----a-w- c:\documents and settings\Tyler\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-714c64ad-n\decora-d3d.dll
    2010-05-27 18:08 . 2010-05-27 18:08 -------- d-----w- c:\documents and settings\Tyler\Application Data\teamspeak2
    2010-05-27 18:08 . 2010-05-27 18:08 -------- d-----w- c:\program files\Teamspeak2_RC2
    2010-05-27 18:03 . 2010-05-27 18:03 -------- d-----w- c:\documents and settings\Tyler\Application Data\TS3Client
    2010-05-27 13:43 . 2010-05-27 13:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2010-05-27 13:38 . 2010-05-27 13:39 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Temp
    2010-05-27 13:38 . 2010-05-27 13:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2010-05-27 13:38 . 2010-05-27 13:40 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Google
    2010-05-27 13:38 . 2010-05-27 13:39 -------- d-----w- c:\program files\Google
    2010-05-26 15:12 . 2010-05-26 15:12 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\EveMeep3
    2010-05-26 15:12 . 2010-05-26 15:12 99678 ----a-r- c:\documents and settings\Tyler\Application Data\Microsoft\Installer\{95834A16-084B-4409-B78C-750B15702CFA}\_E9899D3A52B54A6415E79F.exe
    2010-05-26 15:12 . 2010-05-26 15:12 99678 ----a-r- c:\documents and settings\Tyler\Application Data\Microsoft\Installer\{95834A16-084B-4409-B78C-750B15702CFA}\_D0D7B2C4BE083D47D3E75D.exe
    2010-05-26 15:12 . 2010-05-26 15:12 -------- d-----w- c:\program files\Eve-MEEP
    2010-05-26 11:07 . 2010-05-26 11:07 -------- d-sh--w- c:\documents and settings\Tyler\PrivacIE
    2010-05-25 12:39 . 2010-05-25 12:39 4096 ----a-w- c:\windows\d3dx.dat
    2010-05-25 12:24 . 2010-05-25 12:24 -------- d-----w- c:\program files\PlayOnline
    2010-05-25 12:24 . 2010-05-25 12:24 -------- d-----w- c:\program files\Common Files\PlayOnline
    2010-05-22 19:55 . 2010-05-22 19:55 48388 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
    2010-05-22 18:30 . 2010-05-28 21:41 -------- d-----w- c:\program files\PKR
    2010-05-20 15:39 . 2010-05-20 15:39 -------- d-----w- c:\documents and settings\Tyler\.GalleryRemote
    2010-05-17 11:01 . 2010-05-17 11:01 315392 ----a-w- c:\documents and settings\Tyler\Application Data\Sun\Java\Deployment\cache\6.0\16\1791ad0-229c9843-n\jogl.dll
    2010-05-17 11:01 . 2010-05-17 11:01 20480 ----a-w- c:\documents and settings\Tyler\Application Data\Sun\Java\Deployment\cache\6.0\16\1791ad0-229c9843-n\jogl_awt.dll
    2010-05-17 11:01 . 2010-05-17 11:01 114688 ----a-w- c:\documents and settings\Tyler\Application Data\Sun\Java\Deployment\cache\6.0\16\1791ad0-229c9843-n\jogl_cg.dll
    2010-05-15 17:27 . 2010-05-22 19:55 -------- d-----w- c:\program files\StarCraft II Beta
    2010-05-15 17:25 . 2010-05-15 17:25 -------- d-sh--w- c:\documents and settings\Tyler\IETldCache
    2010-05-15 17:25 . 2010-05-15 17:25 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-05-15 15:56 . 2010-05-15 15:56 -------- d-----w- c:\program files\SC2

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-14 12:20 . 2010-01-24 14:20 -------- d-----w- c:\documents and settings\Tyler\Application Data\Xfire
    2010-06-14 11:40 . 2010-01-27 02:26 -------- d-----w- c:\program files\Steam
    2010-06-14 11:13 . 2010-01-07 01:02 -------- d-----w- c:\documents and settings\Tyler\Application Data\Spotify
    2010-06-13 13:41 . 2009-10-06 01:26 -------- d-----w- c:\program files\Microsoft SQL Server
    2010-06-13 13:01 . 2009-07-18 12:07 -------- d-----w- c:\program files\World of Warcraft
    2010-06-11 23:36 . 2009-08-26 21:09 -------- d-----w- c:\program files\Windows Live Safety Center
    2010-06-11 22:47 . 2009-08-15 13:17 -------- d-----w- c:\documents and settings\Tyler\Application Data\BitTorrent
    2010-06-09 22:38 . 2009-10-15 12:57 -------- d-----w- c:\documents and settings\Tyler\Application Data\EVEMon
    2010-06-09 00:27 . 2010-02-11 22:05 1 ----a-w- c:\documents and settings\Tyler\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-06-08 21:46 . 2009-12-30 19:34 -------- d-----w- c:\documents and settings\Tyler\Application Data\FileZilla
    2010-06-04 17:09 . 2009-11-06 12:45 -------- d-----w- c:\program files\Dragon Age
    2010-06-04 15:57 . 2010-03-31 07:10 -------- d-----w- c:\documents and settings\Tyler\Application Data\Unity
    2010-06-03 15:04 . 2010-01-24 14:20 -------- d-----w- c:\program files\Xfire
    2010-05-29 08:58 . 2010-05-15 12:03 -------- d-----w- c:\program files\Yahoo!
    2010-05-28 12:36 . 2010-05-15 12:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
    2010-05-28 12:36 . 2009-07-30 15:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-05-28 12:34 . 2009-08-14 18:54 -------- d-----w- c:\program files\Common Files\Ahead
    2010-05-28 12:31 . 2009-07-18 12:32 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-05-26 15:32 . 2009-07-19 11:51 -------- d-----w- c:\program files\Turbine
    2010-05-25 12:17 . 2009-07-18 12:32 -------- d-----w- c:\program files\EA GAMES
    2010-05-24 21:13 . 2010-03-20 05:41 188704 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-05-24 20:49 . 2010-03-20 05:41 139040 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-05-22 20:10 . 2010-04-10 16:19 -------- d-----w- c:\program files\Heroes of Newerth
    2010-05-22 07:54 . 2009-07-18 12:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-15 17:31 . 2009-08-20 12:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
    2010-05-15 17:31 . 2009-07-18 14:17 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
    2010-05-15 12:03 . 2010-05-15 12:03 -------- d-----w- c:\documents and settings\Tyler\Application Data\Yahoo!
    2010-05-15 11:53 . 2010-05-15 11:53 25808 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-05-15 11:53 . 2009-07-18 18:07 -------- d-----w- c:\documents and settings\Tyler\Application Data\Apple Computer
    2010-05-15 11:53 . 2010-05-15 11:53 -------- d-----w- c:\program files\Safari
    2010-05-15 11:52 . 2009-07-18 18:06 -------- d-----w- c:\program files\Common Files\Apple
    2010-05-15 11:49 . 2010-05-15 11:49 -------- d-----w- c:\program files\Opera
    2010-05-12 21:34 . 2010-05-12 21:34 655360 ----a-w- c:\documents and settings\Tyler\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll
    2010-05-12 21:34 . 2010-05-12 21:34 282624 ----a-w- c:\documents and settings\Tyler\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll
    2010-05-12 21:34 . 2010-05-12 21:34 208896 ----a-w- c:\documents and settings\Tyler\Application Data\Spotify\Gracenote\gnsdk_dsp.dll
    2010-05-09 16:58 . 2010-05-01 13:10 -------- d-----w- c:\program files\HeroOnline
    2010-05-09 16:25 . 2010-05-09 16:25 -------- d-----w- c:\documents and settings\Tyler\Application Data\NVIDIA
    2010-05-08 23:05 . 2010-03-05 13:43 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-05-08 23:04 . 2009-07-18 12:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-05-07 19:48 . 2009-11-28 15:56 75 ----a-w- c:\documents and settings\Tyler\jagex_runescape_preferences2.dat
    2010-05-07 19:43 . 2009-07-31 22:20 41 ----a-w- c:\documents and settings\Tyler\jagex_runescape_preferences.dat
    2010-05-02 00:08 . 2010-05-02 00:08 0 ----a-w- c:\documents and settings\Tyler\jagex__preferences3.dat
    2010-04-30 18:35 . 2009-09-18 16:19 -------- d-----w- c:\program files\Guild Wars
    2010-04-30 16:40 . 2009-09-02 12:54 -------- d-----w- c:\documents and settings\Tyler\Application Data\TeamViewer
    2010-04-30 16:39 . 2009-09-02 12:54 -------- d-----w- c:\program files\TeamViewer
    2010-04-30 16:33 . 2009-10-17 15:20 -------- d-----w- c:\documents and settings\Tyler\Application Data\Skype
    2010-04-30 16:05 . 2009-10-17 15:21 -------- d-----w- c:\documents and settings\Tyler\Application Data\skypePM
    2010-04-29 14:39 . 2009-07-18 12:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 14:39 . 2009-07-18 12:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-21 10:00 . 2010-04-21 10:00 -------- d-----w- c:\program files\Bethesda Softworks
    2010-04-20 17:05 . 2010-04-18 12:59 -------- d-----w- c:\program files\Diablo II
    2010-04-18 13:25 . 2010-04-18 13:07 35246 ----a-w- c:\windows\DIIUnin.dat
    2010-04-18 13:23 . 2010-04-18 13:08 21840 ----atw- c:\windows\system32\SIntfNT.dll
    2010-04-18 13:23 . 2010-04-18 13:08 17212 ----atw- c:\windows\system32\SIntf32.dll
    2010-04-18 13:23 . 2010-04-18 13:08 12067 ----atw- c:\windows\system32\SIntf16.dll
    2010-04-18 13:07 . 2010-04-18 13:07 94208 ----a-w- c:\windows\DIIUnin.exe
    2010-04-18 13:07 . 2010-04-18 13:07 2829 ----a-w- c:\windows\DIIUnin.pif
    2010-04-17 20:56 . 2009-10-15 12:57 -------- d-----w- c:\program files\EVEMon
    2010-04-13 13:37 . 2010-04-13 13:37 278120 ----a-w- c:\windows\system32\nvmccs.dll
    2010-04-06 13:16 . 2009-07-18 12:24 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
    2010-03-29 14:59 . 2010-03-29 15:00 151552 ----a-w- c:\windows\system32\nvRegDev.dll
    2010-03-20 05:41 . 2010-03-20 05:41 139152 ----a-w- c:\documents and settings\Tyler\Application Data\PnkBstrK.sys
    2010-03-20 05:41 . 2010-03-20 05:41 139152 ----a-w- c:\documents and settings\Tyler\Application Data\PnkBstrK.sys
    2010-03-20 05:41 . 2010-03-20 05:41 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2010-03-20 05:41 . 2010-03-20 05:41 2359592 ----a-w- c:\windows\system32\pbsvc_apb.exe
    2010-03-18 15:47 . 2010-03-18 15:47 17760 ----a-w- c:\windows\system32\aspnet_counters.dll
    2010-03-18 12:16 . 2010-03-18 12:16 771424 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
    2010-03-18 12:16 . 2010-03-18 12:16 70472 ----a-w- c:\windows\system32\dxva2.dll
    2010-03-18 12:16 . 2010-03-18 12:16 486216 ----a-w- c:\windows\system32\evr.dll
    2010-03-18 09:09 . 2010-03-18 09:09 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2010-03-18 09:09 . 2010-03-18 09:09 49488 ----a-w- c:\windows\system32\netfxperf.dll
    2010-03-18 09:09 . 2010-03-18 09:09 297808 ----a-w- c:\windows\system32\mscoree.dll
    2010-03-18 09:09 . 2010-03-18 09:09 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2010-03-18 08:15 . 2010-03-18 08:15 80720 ----a-w- c:\windows\system32\mfcm100u.dll
    2010-03-18 08:15 . 2010-03-18 08:15 80208 ----a-w- c:\windows\system32\mfcm100.dll
    2010-03-18 08:15 . 2010-03-18 08:15 770384 ----a-w- c:\windows\system32\msvcr100.dll
    2010-03-18 08:15 . 2010-03-18 08:15 4368720 ----a-w- c:\windows\system32\mfc100u.dll
    2010-03-18 08:15 . 2010-03-18 08:15 4342088 ----a-w- c:\windows\system32\mfc100.dll
    2010-03-18 08:15 . 2010-03-18 08:15 421200 ----a-w- c:\windows\system32\msvcp100.dll
    2010-03-18 08:15 . 2010-03-18 08:15 138056 ----a-w- c:\windows\system32\atl100.dll
    .


    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr "= "c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "igndlm.exe "= "c:\program files\Download Manager\dlm.exe" [2009-05-14 1103216]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "IntelliPoint "= "c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "LiveZilla "= "c:\program files\LiveZilla\LiveZilla.exe" [2009-12-28 2656808]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "RTHDCPL "= "RTHDCPL.EXE" [2009-11-17 18789408]
    "RivaTunerStartupDaemon "= "c:\program files\RivaTuner v2.24\RivaTuner.exe" [2009-02-25 2781184]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2010-04-13 13670504]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2010-04-13 110696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "WIAWizardMenu "= "c:\windows\system32\sti_ci.dll" [2008-04-14 136704]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "WUAppSetup "= "c:\program files\Common Files\logishrd\WUApp32.exe" [2007-02-03 430080]

    c:\documents and settings\Tyler\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
    Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-5-28 3493264]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\EA GAMES\\Battlefield 2 Demo\\BF2.exe "=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe "=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe "=
    "c:\\Program Files\\Thomson\\ST330\\service\\st330service.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe "=
    "c:\\Program Files\\Spotify\\spotify.exe "=
    "c:\\Program Files\\Steam\\Steam.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe "=
    "c:\\Program Files\\Steam\\steamapps\\common\\r.u.s.e. beta\\Ruse.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=
    "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe "=
    "c:\\Program Files\\Opera\\opera.exe "=
    "c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineMessageService.exe "=
    "c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineNetworkService.exe "=
    "c:\\Program Files\\Dragon Age\\tools\\DragonAgeToolset.exe "=
    "c:\\Program Files\\Dragon Age\\tools\\RPU.exe "=
    "c:\\Program Files\\Dragon Age\\tools\\lightmapper\\eclipseRay.exe "=
    "c:\\Program Files\\Dragon Age\\tools\\GffEditor.exe "=
    "c:\\Program Files\\Dragon Age\\tools\\ErfEditor.exe "=
    "c:\\Program Files\\Steam\\steamapps\\common\\global agenda live\\Binaries\\GlobalAgenda.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP "= 3389:TCP:@xpsp2res.dll,-22009
    "5369:TCP "= 5369:TCP:hbyxanp

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/19/2009 3:01 PM 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/19/2009 3:01 PM 20560]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [12/24/2009 3:08 PM 66048]
    R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/25/2008 5:31 AM 29263712]
    S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/14/2009 10:48 AM 721904]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/27/2010 2:38 PM 136176]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [7/18/2009 3:14 PM 1684736]
    S3 cpuz130;cpuz130;\??\c:\docume~1\Tyler\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Tyler\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
    S3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [11/4/2009 3:07 PM 271856]
    S3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [11/4/2009 3:07 PM 218608]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [9/3/2009 8:28 PM 30464]
    S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [9/3/2009 8:28 PM 12672]
    S3 STETH;SpeedTouch Ethernet Adapter NT Driver;c:\windows\system32\drivers\steth.sys [9/3/2009 8:28 PM 40320]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/23/2009 4:08 AM 47128]
    S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 3:09 AM 239336]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 3:23 AM 366936]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-27 13:38]

    2010-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-27 13:38]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant =
    FF - ProfilePath - c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\
    FF - prefs.js: browser.search.selectedEngine - Ask
    FF - prefs.js: browser.startup.homepage - c:\\Documents and Settings\\Tyler\\My Documents\\homepage.html
    FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
    FF - component: c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCore.dll
    FF - plugin: c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
    FF - plugin: c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
    FF - plugin: c:\documents and settings\Tyler\Application Data\Mozilla\plugins\npoctoshape.dll
    FF - plugin: c:\documents and settings\Tyler\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Download Manager\npfpdlm.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Sony\Media Go\npmediago.dll

    ---- FIREFOX POLICIES ----
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-06-14 13:33
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath "= "c:\windows\system32\GameMon.des -service "

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\st330service]
    "ImagePath "= "C:\Program Files/Thomson/ST330/service/st330service.exe -service "
    .
    Completion time: 2010-06-14 13:35:13
    ComboFix-quarantined-files.txt 2010-06-14 12:34
    ComboFix2.txt 2010-06-12 22:27
    ComboFix3.txt 2010-06-07 15:35

    Pre-Run: 32,456,540,160 bytes free
    Post-Run: 32,513,605,632 bytes free

    - - End Of File - - 19113009B0C8B9A7F2E3145047ABD1E5
     
  14. 2010/06/14
    broni

    broni Moderator Malware Analyst

    Good :)

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    ==============================================================

    Update your Malwarebytes, run it and post the log.

    ================================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  15. 2010/06/15
    Edis

    Edis Inactive Thread Starter

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4199

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    15/06/2010 12:36:18
    mbam-log-2010-06-15 (12-36-18).txt

    Scan type: Quick scan
    Objects scanned: 122714
    Time elapsed: 3 minute(s), 50 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ========================================================
    OTL.txt

    OTL logfile created on: 15/06/2010 12:37:56 - Run 1
    OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Tyler\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 225.90 Gb Total Space | 30.39 Gb Free Space | 13.45% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: TYLERMAINPC
    Current User Name: Tyler
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/06/15 12:33:14 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tyler\Desktop\OTL.exe
    PRC - [2010/05/12 22:34:48 | 004,210,544 | ---- | M] (Spotify Ltd) -- C:\Program Files\Spotify\spotify.exe
    PRC - [2010/01/11 16:21:52 | 000,490,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    PRC - [2009/11/25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
    PRC - [2009/11/25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    PRC - [2009/09/03 20:28:37 | 000,581,632 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\ST330\service\st330service.exe
    PRC - [2009/03/30 03:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    PRC - [2008/11/25 05:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe
    PRC - [2008/07/10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/02/10 08:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/06/15 12:33:14 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tyler\Desktop\OTL.exe
    MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/05/24 16:30:20 | 000,271,856 | ---- | M] (Turbine, Inc.) [On_Demand | Stopped] -- C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe -- (LiveTurbineMessageService)
    SRV - [2010/05/24 16:30:20 | 000,218,608 | ---- | M] (Turbine, Inc.) [On_Demand | Stopped] -- C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe -- (LiveTurbineNetworkService)
    SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
    SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
    SRV - [2010/03/03 15:37:44 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/11/25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
    SRV - [2009/11/25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
    SRV - [2009/11/25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
    SRV - [2009/11/25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
    SRV - [2009/09/03 20:28:37 | 000,581,632 | ---- | M] (THOMSON Telecom Belgium) [Auto | Running] -- C:\Program Files\Thomson\ST330\service\st330service.exe -- (st330service)
    SRV - [2009/07/23 04:08:48 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
    SRV - [2009/06/29 21:21:52 | 003,110,016 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
    SRV - [2009/03/30 03:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
    SRV - [2009/03/30 03:23:32 | 000,254,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
    SRV - [2009/03/30 03:23:24 | 000,366,936 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS)
    SRV - [2008/11/25 05:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$BWDATOOLSET) SQL Server (BWDATOOLSET)
    SRV - [2008/11/25 05:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
    SRV - [2008/07/10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
    SRV - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/04/13 20:20:32 | 010,232,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2009/11/25 00:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2009/11/25 00:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2009/11/25 00:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2009/11/17 20:51:38 | 005,956,608 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2009/09/15 12:56:14 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2009/09/15 12:55:30 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
    DRV - [2009/09/15 12:55:19 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2009/09/03 20:28:37 | 000,040,320 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\steth.sys -- (STETH)
    DRV - [2009/09/03 20:28:37 | 000,030,464 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\st330.sys -- (ST330)
    DRV - [2009/09/03 20:28:37 | 000,012,672 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stbus.sys -- (STBUS)
    DRV - [2009/08/14 10:48:25 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2009/06/01 14:51:54 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
    DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103)
    DRV - [2009/02/25 18:55:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\RivaTuner v2.24\RivaTuner32.sys -- (RivaTuner32)
    DRV - [2008/11/12 16:58:38 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
    DRV - [2008/08/05 21:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
    DRV - [2008/08/01 10:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2008/08/01 10:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/02/03 10:32:36 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2007/02/03 10:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
    DRV - [2006/01/04 16:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
    DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
    DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Ask "
    FF - prefs.js..browser.search.order.1: "Ask "
    FF - prefs.js..browser.search.selectedEngine: "Ask "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "C:\\Documents and Settings\\Tyler\\My Documents\\homepage.html "
    FF - prefs.js..extensions.enabledItems: iaplayer@instantaction.com:0.4.1.1
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.5.6.0
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717
    FF - prefs.js..extensions.enabledItems: yyginstantplay@yoyogames.com:1.1.0.20
    FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q= "


    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/14 14:04:12 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 10:11:51 | 000,000,000 | ---D | M]

    [2009/07/18 13:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Mozilla\Extensions
    [2010/06/10 13:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\extensions
    [2010/01/24 15:21:06 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
    [2009/07/20 17:29:34 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2009/07/19 23:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\extensions\iaplayer@instantaction.com
    [2010/02/14 04:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\extensions\yyginstantplay@yoyogames.com
    [2009/08/15 16:18:53 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\searchplugins\ask.xml
    [2010/06/14 14:24:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/06/12 23:20:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O4 - HKLM..\Run: [LiveZilla] C:\Program Files\LiveZilla\LiveZilla.exe (LiveZilla GmbH)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files\RivaTuner v2.24\RivaTuner.exe ()
    O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\dlm.exe (IGN Entertainment)
    O4 - HKLM..\RunOnce: [WIAWizardMenu] C:\WINDOWS\System32\sti_ci.DLL (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
    O4 - Startup: C:\Documents and Settings\Tyler\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
    O4 - Startup: C:\Documents and Settings\Tyler\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/07/18 12:59:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/07/18 13:42:00 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/06/15 12:33:13 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tyler\Desktop\OTL.exe
    [2010/06/13 14:41:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RsFx
    [2010/06/13 14:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
    [2010/06/13 14:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
    [2010/06/13 14:37:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\My Documents\Visual Studio 2010
    [2010/06/13 14:36:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
    [2010/06/13 14:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
    [2010/06/12 00:38:06 | 000,000,000 | ---D | C] -- C:\Program Files\Stunlock Studios
    [2010/06/12 00:37:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA
    [2010/06/07 16:26:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/06/07 16:21:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/06/07 12:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Local Settings\Application Data\Rawr
    [2010/06/04 18:28:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Application Data\Dragon Age Toolset
    [2010/06/04 18:12:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
    [2010/06/04 18:10:57 | 000,000,000 | ---D | C] -- C:\Program Files\DAODB
    [2010/06/04 17:53:35 | 519,845,360 | ---- | C] (BioWare) -- C:\Documents and Settings\Tyler\Desktop\DragonAgeToolset1.01Setup.exe
    [2010/06/04 17:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\My Documents\Unity_TEST
    [2010/06/04 16:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PACE Anti-Piracy
    [2010/06/04 16:56:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Local Settings\Application Data\PACE Anti-Piracy
    [2010/06/04 16:56:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Application Data\PACE Anti-Piracy
    [2010/06/04 16:56:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
    [2010/06/04 16:55:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Unity Projects
    [2010/06/04 16:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\Unity
    [2010/06/04 16:49:46 | 170,919,512 | ---- | C] (Unity Technologies ApS) -- C:\Documents and Settings\Tyler\Desktop\UnitySetup-2.6.1.exe
    [2010/05/29 17:38:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\My Documents\stl
    [2010/05/29 15:26:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\My Documents\wp1
    [2010/05/28 15:58:49 | 000,558,592 | ---- | C] (Bome) -- C:\Documents and Settings\Tyler\Desktop\Core_1_0_0_2.dll
    [2010/05/28 15:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Local Settings\Application Data\EveMeep_Updater
    [2010/05/28 13:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Local Settings\Application Data\Threat Expert
    [2010/05/28 12:56:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Desktop\livebackup
    [2010/05/28 12:13:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\My Documents\Simply Super Software
    [2010/05/28 12:13:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Application Data\Simply Super Software
    [2010/05/28 12:13:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    [2010/05/27 19:08:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Application Data\teamspeak2
    [2010/05/27 19:08:14 | 000,000,000 | ---D | C] -- C:\Program Files\Teamspeak2_RC2
    [2010/05/27 19:03:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Application Data\TS3Client
    [2010/05/27 14:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2010/05/27 14:40:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Application Data\Google
    [2010/05/27 14:38:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Local Settings\Application Data\Temp
    [2010/05/27 14:38:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [2010/05/27 14:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2010/05/27 14:38:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Local Settings\Application Data\Google
    [2010/05/27 11:20:32 | 003,281,501 | ---- | C] (battleclinic.com) -- C:\Documents and Settings\Tyler\Desktop\EVEMon-install-1.3.1.2138.exe
    [2010/05/26 20:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\My Documents\Dungeons and Dragons Online
    [2010/05/26 16:12:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Local Settings\Application Data\EveMeep3
    [2010/05/26 16:12:22 | 000,000,000 | ---D | C] -- C:\Program Files\Eve-MEEP
    [2010/05/26 16:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Desktop\EVEMEEP_3_0_0_1
    [2010/05/26 12:07:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Tyler\PrivacIE
    [2010/05/25 13:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\PlayOnline
    [2010/05/25 13:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PlayOnline
    [2010/05/22 19:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\PKR
    [2010/05/20 16:39:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\.GalleryRemote
    [2010/05/15 18:27:41 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II Beta
    [2010/05/15 18:27:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\My Documents\StarCraft II Beta
    [2010/05/15 18:25:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Tyler\IETldCache
    [2010/05/15 18:02:27 | 037,517,128 | ---- | C] (Realtime Worlds, Inc.) -- C:\Documents and Settings\Tyler\Desktop\APB.exe
    [2010/05/15 16:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\SC2
    [2010/05/15 13:04:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Local Settings\Application Data\Yahoo
    [2010/05/15 13:03:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
    [2010/05/15 13:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Application Data\Yahoo!
    [2010/05/15 13:03:35 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
    [2010/05/15 13:03:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
    [2010/05/15 13:03:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2010/05/15 12:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
    [2010/05/15 12:49:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Local Settings\Application Data\Opera
    [2010/05/15 12:49:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Application Data\Opera
    [2010/05/15 12:49:49 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
    [2010/05/14 13:02:10 | 000,454,656 | ---- | C] (Simon Tatham) -- C:\Documents and Settings\Tyler\Desktop\putty.exe
    [2010/05/14 12:48:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\.sshterm
    [2010/05/14 12:48:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\.ssh
    [2010/05/09 17:25:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Application Data\NVIDIA
    [2010/05/09 12:14:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\My Documents\secondimgea
    [2010/05/07 12:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Desktop\DigiCertSSL_certs
    [2010/05/06 13:44:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\My Documents\My Scans
    [2010/05/06 13:41:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\My Documents\My Albums
    [2010/05/01 14:10:14 | 000,000,000 | ---D | C] -- C:\Program Files\HeroOnline
    [2010/04/21 12:55:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\My Documents\PSD Archive
    [2010/04/21 12:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\My Documents\APB Screenshots
    [2010/04/21 12:51:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\My Documents\HardcoreCasuals
    [2010/04/21 11:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bethesda Softworks
    [2010/04/21 10:59:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Local Settings\Application Data\Oblivion
    [2010/04/21 10:59:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\My Documents\My Games
    [2010/04/20 23:00:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\My Documents\polihost.co.uk SSL
    [2010/04/18 14:07:56 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
    [2010/04/18 13:59:17 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo II
    [2010/04/17 15:38:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Desktop\diablo2
    [2010/04/17 15:37:59 | 002,756,664 | ---- | C] (Blizzard Entertainment) -- C:\Documents and Settings\Tyler\Desktop\Downloader_Diablo2_enGB.exe
    [2010/04/10 17:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\Heroes of Newerth
    [2010/04/10 17:17:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Desktop\honakcup
    [2010/04/07 22:05:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Application Data\mIRC
    [2010/04/05 15:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Application Data\Ubisoft
    [2010/04/02 16:46:59 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/04/02 16:46:47 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Tyler\Desktop\HJTInstall.exe
    [2010/03/31 08:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Application Data\Unity
    [2010/03/31 08:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Local Settings\Application Data\Unity
    [2010/03/31 08:08:48 | 003,249,480 | ---- | C] (Unity Technologies ApS) -- C:\Documents and Settings\Tyler\Desktop\UnityWebPlayer.exe
    [2010/03/29 16:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Desktop\resources0
    [2010/03/21 20:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Local Settings\Application Data\PunkBuster
    [2010/03/20 03:05:06 | 000,000,000 | ---D | C] -- C:\Program Files\Realtime Worlds
    [2010/03/20 02:45:59 | 075,968,560 | ---- | C] (Realtime Worlds) -- C:\Documents and Settings\Tyler\Desktop\APB_Beta-EU_Installer.exe
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/06/15 12:33:14 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tyler\Desktop\OTL.exe
    [2010/06/15 11:51:14 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/06/15 11:50:21 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/06/15 11:50:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/06/15 11:50:04 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
    [2010/06/15 11:49:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/06/15 11:48:58 | 009,175,040 | -H-- | M] () -- C:\Documents and Settings\Tyler\NTUSER.DAT
    [2010/06/15 11:48:58 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Tyler\ntuser.ini
    [2010/06/15 11:43:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/06/14 13:33:37 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/06/13 14:42:38 | 000,757,684 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/13 14:42:38 | 000,613,978 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/06/13 14:42:38 | 000,129,586 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/06/13 14:32:20 | 000,000,165 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
    [2010/06/13 11:35:36 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\ymc557bh.exe
    [2010/06/12 23:20:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/06/12 13:12:52 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\dds.scr
    [2010/06/12 00:39:07 | 000,002,098 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bloodline Champions.lnk
    [2010/06/09 15:10:07 | 000,876,464 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\tyranny2.jpg
    [2010/06/09 15:01:40 | 000,282,359 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\tyranny.jpg
    [2010/06/08 22:44:54 | 000,002,664 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\icecrown-citadel-text25.png
    [2010/06/08 22:43:59 | 000,045,053 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\icecrown-citadel-text25.psd
    [2010/06/08 22:34:30 | 000,051,120 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\sindra25.jpg
    [2010/06/07 16:26:19 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/06/04 18:05:10 | 519,845,360 | ---- | M] (BioWare) -- C:\Documents and Settings\Tyler\Desktop\DragonAgeToolset1.01Setup.exe
    [2010/06/04 17:44:58 | 000,002,435 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\Eve-MEEPv3.lnk
    [2010/06/04 16:55:14 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Unity.lnk
    [2010/06/04 16:53:26 | 170,919,512 | ---- | M] (Unity Technologies ApS) -- C:\Documents and Settings\Tyler\Desktop\UnitySetup-2.6.1.exe
    [2010/06/02 18:30:58 | 000,132,386 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\nh3.jpg
    [2010/06/02 18:30:51 | 000,129,662 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\nh2.jpg
    [2010/06/02 18:30:45 | 000,117,614 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\nh1.jpg
    [2010/06/02 16:37:53 | 008,992,824 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\evepremiumpatch154366-156690_m.exe
    [2010/06/02 14:57:51 | 000,646,640 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\weird hair.psd
    [2010/06/01 15:15:14 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\CV_Tyler_Crammond.doc
    [2010/06/01 15:14:18 | 000,000,128 | -H-- | M] () -- C:\Documents and Settings\Tyler\My Documents\.~lock.CV_Tyler_Hunter_Crammond_RT.rtf#
    [2010/06/01 15:10:32 | 000,022,202 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\CV_Tyler_Hunter_Crammond.odt
    [2010/06/01 15:09:41 | 000,022,201 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\CV.odt
    [2010/05/30 20:16:30 | 000,340,618 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\3574724.htm
    [2010/05/28 15:58:49 | 000,558,592 | ---- | M] (Bome) -- C:\Documents and Settings\Tyler\Desktop\Core_1_0_0_2.dll
    [2010/05/28 01:09:00 | 000,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
    [2010/05/27 23:14:03 | 000,355,352 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\EVE_Master_Sheet.ods
    [2010/05/27 22:50:19 | 000,056,183 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\tansdecline.jpg
    [2010/05/27 19:08:15 | 000,000,665 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\Teamspeak 2 RC2.lnk
    [2010/05/27 17:11:32 | 000,001,090 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\Shortcut to TurbineLauncher.lnk
    [2010/05/27 14:49:31 | 002,121,216 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\EVE_Master_Sheet.xls
    [2010/05/27 14:40:01 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010/05/27 11:20:52 | 003,281,501 | ---- | M] (battleclinic.com) -- C:\Documents and Settings\Tyler\Desktop\EVEMon-install-1.3.1.2138.exe
    [2010/05/26 21:59:32 | 307,361,920 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\evepremiumpatch127381-154366_m.exe
    [2010/05/25 13:39:06 | 000,004,096 | ---- | M] () -- C:\WINDOWS\d3dx.dat
    [2010/05/25 13:32:33 | 000,001,789 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\FINAL FANTASY XI.lnk
    [2010/05/25 13:25:24 | 000,001,757 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\PlayOnline.lnk
    [2010/05/24 22:13:30 | 000,188,704 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
    [2010/05/24 21:49:41 | 000,139,040 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2010/05/24 18:10:12 | 006,833,632 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\xfire_installer_42654.exe
    [2010/05/22 19:30:06 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\Play PKR.lnk
    [2010/05/22 08:54:49 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/05/19 19:37:39 | 000,176,456 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\m_fb copy.bmp
    [2010/05/19 18:54:51 | 005,856,417 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\m_fb.psd
    [2010/05/19 10:40:20 | 000,034,806 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\Myrtle 19 May.gif
    [2010/05/18 23:44:00 | 000,741,217 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\pedomobile.png
    [2010/05/17 19:08:15 | 000,053,760 | ---- | M] () -- C:\Documents and Settings\Tyler\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/17 17:06:58 | 000,014,805 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\Tower Range.honmod
    [2010/05/17 11:12:36 | 000,008,629 | ---- | M] () -- C:\sitemap.xml
    [2010/05/15 18:31:04 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II Beta.lnk
    [2010/05/15 18:24:10 | 000,001,357 | ---- | M] () -- C:\Documents and Settings\Tyler\Application Data\MPQEditor.ini
    [2010/05/15 14:45:58 | 000,083,204 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\email-icons-thumb.psd
    [2010/05/15 13:03:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/05/15 12:53:21 | 000,025,808 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/05/15 12:49:52 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
    [2010/05/14 22:17:53 | 000,000,156 | ---- | M] () -- C:\WINDOWS\Twunk001.MTX
    [2010/05/14 22:17:53 | 000,000,003 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx
    [2010/05/14 16:04:32 | 000,001,027 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\ccross.png
    [2010/05/14 16:04:19 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\ctick.png
    [2010/05/14 13:24:47 | 000,006,818 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\cpbox1.html
    [2010/05/14 13:17:58 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Tyler\Local Settings\Application Data\PUTTY.RND
    [2010/05/14 13:02:10 | 000,454,656 | ---- | M] (Simon Tatham) -- C:\Documents and Settings\Tyler\Desktop\putty.exe
    [2010/05/12 15:02:26 | 037,517,128 | ---- | M] (Realtime Worlds, Inc.) -- C:\Documents and Settings\Tyler\Desktop\APB.exe
    [2010/05/08 19:26:42 | 000,311,230 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\epgp viewer.zip
    [2010/05/07 20:48:36 | 000,000,075 | ---- | M] () -- C:\Documents and Settings\Tyler\jagex_runescape_preferences2.dat
    [2010/05/07 20:43:30 | 000,000,041 | ---- | M] () -- C:\Documents and Settings\Tyler\jagex_runescape_preferences.dat
    [2010/05/07 11:33:39 | 000,326,378 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\PP_Scan.jpg
    [2010/05/06 14:14:25 | 000,365,214 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\N2_Scan.jpg
    [2010/05/06 14:07:09 | 000,407,172 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\N_Scan.jpg
    [2010/05/06 13:52:05 | 000,709,959 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\Cscan.jpg
    [2010/05/06 13:46:57 | 000,735,959 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\Passport_Scan.jpg
    [2010/05/05 23:51:27 | 000,319,037 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\drobo27.jpg
    [2010/05/02 16:12:22 | 003,348,180 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\Minis.psd
    [2010/05/02 16:01:17 | 000,067,889 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_Warrior.png
    [2010/05/02 16:00:46 | 000,073,948 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_Warlock.png
    [2010/05/02 16:00:19 | 000,076,753 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_Shaman.png
    [2010/05/02 15:59:56 | 000,057,273 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_Rogue.png
    [2010/05/02 15:59:14 | 000,058,234 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_Priest.png
    [2010/05/02 15:58:54 | 000,048,657 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_Paladin.png
    [2010/05/02 15:58:26 | 000,057,256 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_Mage.png
    [2010/05/02 15:57:36 | 000,070,603 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_Hunter.png
    [2010/05/02 15:56:56 | 000,068,511 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_Druid.png
    [2010/05/02 15:55:02 | 000,048,201 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_DK.png
    [2010/05/02 01:08:56 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tyler\jagex__preferences3.dat
    [2010/05/01 21:49:22 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/04/30 17:39:57 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
    [2010/04/30 17:39:33 | 002,843,056 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\TeamViewer_Setup.exe
    [2010/04/30 16:27:34 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\icecrown-citadel-text10.png
    [2010/04/30 16:23:09 | 000,002,142 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\icecrown-citadel-text25.jpg
    [2010/04/30 14:52:59 | 001,083,066 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\korvui1.jpg
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/27 00:22:40 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
    [2010/04/26 00:34:29 | 001,166,999 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\8888.jpg
    [2010/04/24 12:06:50 | 000,046,261 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\APBCompat.ini
    [2010/04/23 22:23:29 | 000,460,928 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\radkidlol.bmp
    [2010/04/23 16:09:15 | 000,000,023 | ---- | M] () -- C:\WINDOWS\BlendSettings.ini
    [2010/04/21 11:06:47 | 000,001,805 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Oblivion.lnk
    [2010/04/21 00:20:08 | 000,001,566 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\EVE.lnk
    [2010/04/20 23:07:10 | 000,001,264 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\rapidsslcert.crt
    [2010/04/20 23:05:44 | 000,001,143 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\TrustedRoot.crt
    [2010/04/20 02:34:01 | 529,562,968 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\evepremiumpatch101786-127381_m.exe
    [2010/04/19 16:36:54 | 000,001,570 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\Diablo II - Lord of Destruction.lnk
    [2010/04/18 16:34:28 | 002,112,858 | -H-- | M] () -- C:\Documents and Settings\Tyler\Local Settings\Application Data\IconCache.db
    [2010/04/18 14:25:20 | 000,035,246 | ---- | M] () -- C:\WINDOWS\DIIUnin.dat
    [2010/04/18 14:23:38 | 000,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2010/04/18 14:23:38 | 000,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
    [2010/04/18 14:23:38 | 000,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
    [2010/04/18 14:07:57 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Diablo II.lnk
    [2010/04/18 14:07:56 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
    [2010/04/18 14:07:56 | 000,002,829 | ---- | M] () -- C:\WINDOWS\DIIUnin.pif
    [2010/04/18 03:26:27 | 000,001,616 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\Portal.lnk
    [2010/04/17 21:29:11 | 000,001,696 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\Heroes of Newerth.lnk
    [2010/04/17 15:38:01 | 002,756,664 | ---- | M] (Blizzard Entertainment) -- C:\Documents and Settings\Tyler\Desktop\Downloader_Diablo2_enGB.exe
    [2010/04/13 20:20:32 | 002,183,470 | ---- | M] () -- C:\WINDOWS\System32\nvdata.bin
    [2010/04/13 20:20:32 | 000,061,440 | ---- | M] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
    [2010/04/13 20:20:32 | 000,025,755 | ---- | M] () -- C:\WINDOWS\System32\nvdisp.nvu
    [2010/04/13 20:20:32 | 000,009,046 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
    [2010/04/13 14:37:40 | 000,066,714 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
    [2010/04/10 01:20:55 | 000,177,289 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\conspiracy.png
    [2010/04/08 02:25:45 | 269,152,425 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\HoNTestClient-0.2.0.exe
    [2010/04/02 16:46:48 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Tyler\Desktop\HJTInstall.exe
    [2010/03/31 21:05:47 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
    [2010/03/31 08:08:51 | 003,249,480 | ---- | M] (Unity Technologies ApS) -- C:\Documents and Settings\Tyler\Desktop\UnityWebPlayer.exe
    [2010/03/31 00:19:33 | 000,016,292 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\DS_pic.jpg
    [2010/03/29 15:59:53 | 000,151,552 | ---- | M] () -- C:\WINDOWS\System32\nvRegDev.dll
    [2010/03/27 15:00:31 | 000,146,631 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\yesyesyes.jpg
    [2010/03/26 16:30:49 | 000,290,816 | ---- | M] (Notausgang) -- C:\Documents and Settings\Tyler\Desktop\HoN_ModMan.exe
    [2010/03/26 14:41:30 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\Shortcut to hon.lnk
    [2010/03/25 20:49:54 | 000,001,079 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\APB Beta-EU Game Launcher.lnk
    [2010/03/25 14:19:27 | 355,046,139 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\HoNClient-0.3.0.exe
    [2010/03/23 06:22:33 | 005,749,459 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\leaflet.psd
    [2010/03/23 06:16:42 | 004,470,956 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\leaflet_pro.psd
    [2010/03/20 06:41:42 | 000,139,152 | ---- | M] () -- C:\Documents and Settings\Tyler\Application Data\PnkBstrK.sys
    [2010/03/20 06:41:20 | 002,359,592 | ---- | M] () -- C:\WINDOWS\System32\pbsvc_apb.exe
    [2010/03/20 03:04:36 | 075,968,560 | ---- | M] (Realtime Worlds) -- C:\Documents and Settings\Tyler\Desktop\APB_Beta-EU_Installer.exe
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
     
  16. 2010/06/15
    Edis

    ========== Files Created - No Company Name ==========

    [2010/06/13 17:40:04 | 000,285,680 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1715567821-884357618-839522115-1003-0.dat
    [2010/06/13 17:40:03 | 000,249,274 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2010/06/13 14:32:20 | 000,000,165 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
    [2010/06/13 11:35:36 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\ymc557bh.exe
    [2010/06/12 13:12:52 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\dds.scr
    [2010/06/12 00:39:07 | 000,002,098 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bloodline Champions.lnk
    [2010/06/09 15:10:06 | 000,876,464 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\tyranny2.jpg
    [2010/06/09 15:01:40 | 000,282,359 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\tyranny.jpg
    [2010/06/08 22:44:54 | 000,002,664 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\icecrown-citadel-text25.png
    [2010/06/08 22:34:30 | 000,051,120 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\sindra25.jpg
    [2010/06/07 16:26:19 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/06/07 16:26:16 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/06/04 16:55:14 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Unity.lnk
    [2010/06/02 18:30:57 | 000,132,386 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\nh3.jpg
    [2010/06/02 18:30:51 | 000,129,662 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\nh2.jpg
    [2010/06/02 18:30:45 | 000,117,614 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\nh1.jpg
    [2010/06/02 16:37:42 | 008,992,824 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\evepremiumpatch154366-156690_m.exe
    [2010/06/02 14:57:51 | 000,646,640 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\weird hair.psd
    [2010/06/01 15:15:13 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\CV_Tyler_Crammond.doc
    [2010/06/01 15:14:18 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\Tyler\My Documents\.~lock.CV_Tyler_Hunter_Crammond_RT.rtf#
    [2010/06/01 15:10:32 | 000,022,202 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\CV_Tyler_Hunter_Crammond.odt
    [2010/06/01 13:44:17 | 000,022,201 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\CV.odt
    [2010/05/30 20:16:29 | 000,340,618 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\3574724.htm
    [2010/05/28 12:13:02 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
    [2010/05/28 12:13:02 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
    [2010/05/28 12:13:02 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
    [2010/05/28 12:13:02 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
    [2010/05/28 01:09:00 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
    [2010/05/27 22:50:18 | 000,056,183 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\tansdecline.jpg
    [2010/05/27 19:08:15 | 000,000,665 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\Teamspeak 2 RC2.lnk
    [2010/05/27 17:11:32 | 000,001,090 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\Shortcut to TurbineLauncher.lnk
    [2010/05/27 16:55:41 | 000,355,352 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\EVE_Master_Sheet.ods
    [2010/05/27 14:40:01 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010/05/27 14:38:44 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/05/27 14:38:44 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/05/27 13:49:53 | 002,121,216 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\EVE_Master_Sheet.xls
    [2010/05/26 21:52:41 | 307,361,920 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\evepremiumpatch127381-154366_m.exe
    [2010/05/26 16:12:24 | 000,002,435 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\Eve-MEEPv3.lnk
    [2010/05/25 13:39:06 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
    [2010/05/25 13:32:33 | 000,001,789 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\FINAL FANTASY XI.lnk
    [2010/05/25 13:25:24 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\PlayOnline.lnk
    [2010/05/24 18:10:05 | 006,833,632 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\xfire_installer_42654.exe
    [2010/05/22 19:30:06 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\Play PKR.lnk
    [2010/05/19 19:37:34 | 000,176,456 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\m_fb copy.bmp
    [2010/05/19 18:27:42 | 000,034,806 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\Myrtle 19 May.gif
    [2010/05/19 16:52:25 | 005,856,417 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\m_fb.psd
    [2010/05/18 23:43:57 | 000,741,217 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\pedomobile.png
    [2010/05/17 11:12:35 | 000,008,629 | ---- | C] () -- C:\sitemap.xml
    [2010/05/17 10:29:31 | 000,045,053 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\icecrown-citadel-text25.psd
    [2010/05/15 18:27:41 | 000,000,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II Beta.lnk
    [2010/05/15 14:10:18 | 000,083,204 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\email-icons-thumb.psd
    [2010/05/15 12:53:21 | 000,025,808 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/05/15 12:49:52 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
    [2010/05/14 16:04:32 | 000,001,027 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\ccross.png
    [2010/05/14 16:04:19 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\ctick.png
    [2010/05/14 13:24:47 | 000,006,818 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\cpbox1.html
    [2010/05/14 13:04:21 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Tyler\Local Settings\Application Data\PUTTY.RND
    [2010/05/07 11:33:39 | 000,326,378 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\PP_Scan.jpg
    [2010/05/06 14:14:25 | 000,365,214 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\N2_Scan.jpg
    [2010/05/06 14:07:08 | 000,407,172 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\N_Scan.jpg
    [2010/05/06 13:52:05 | 000,709,959 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\Cscan.jpg
    [2010/05/06 13:46:57 | 000,735,959 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\Passport_Scan.jpg
    [2010/05/05 23:51:27 | 000,319,037 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\drobo27.jpg
    [2010/05/02 16:01:17 | 000,067,889 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_Warrior.png
    [2010/05/02 16:00:46 | 000,073,948 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_Warlock.png
    [2010/05/02 16:00:19 | 000,076,753 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_Shaman.png
    [2010/05/02 15:59:56 | 000,057,273 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_Rogue.png
    [2010/05/02 15:59:14 | 000,058,234 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_Priest.png
    [2010/05/02 15:58:54 | 000,048,657 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_Paladin.png
    [2010/05/02 15:58:25 | 000,057,256 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_Mage.png
    [2010/05/02 15:57:36 | 000,070,603 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_Hunter.png
    [2010/05/02 15:56:56 | 000,068,511 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_Druid.png
    [2010/05/02 15:55:02 | 000,048,201 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\ClassPreviews_DK.png
    [2010/05/02 01:08:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tyler\jagex__preferences3.dat
    [2010/04/30 17:39:57 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
    [2010/04/30 17:39:31 | 002,843,056 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\TeamViewer_Setup.exe
    [2010/04/30 16:27:34 | 000,002,309 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\icecrown-citadel-text10.png
    [2010/04/30 16:23:09 | 000,002,142 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\icecrown-citadel-text25.jpg
    [2010/04/30 14:52:59 | 001,083,066 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\korvui1.jpg
    [2010/04/26 00:34:29 | 001,166,999 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\8888.jpg
    [2010/04/23 22:23:28 | 000,460,928 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\radkidlol.bmp
    [2010/04/21 11:15:37 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
    [2010/04/21 11:06:47 | 000,001,805 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Oblivion.lnk
    [2010/04/20 23:07:10 | 000,001,264 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\rapidsslcert.crt
    [2010/04/20 23:05:44 | 000,001,143 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\TrustedRoot.crt
    [2010/04/20 02:04:28 | 529,562,968 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\evepremiumpatch101786-127381_m.exe
    [2010/04/19 17:36:50 | 000,311,230 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\epgp viewer.zip
    [2010/04/18 14:14:58 | 000,001,570 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\Diablo II - Lord of Destruction.lnk
    [2010/04/18 14:08:30 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2010/04/18 14:08:30 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
    [2010/04/18 14:08:30 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
    [2010/04/18 14:07:57 | 000,035,246 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
    [2010/04/18 14:07:57 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Diablo II.lnk
    [2010/04/18 14:07:56 | 000,002,829 | ---- | C] () -- C:\WINDOWS\DIIUnin.pif
    [2010/04/18 03:26:27 | 000,001,616 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\Portal.lnk
    [2010/04/13 14:37:40 | 000,276,202 | ---- | C] () -- C:\WINDOWS\System32\NvApps.xml
    [2010/04/13 14:37:40 | 000,066,714 | ---- | C] () -- C:\WINDOWS\System32\NvwsApps.xml
    [2010/04/10 17:17:55 | 000,014,805 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\Tower Range.honmod
    [2010/04/10 01:20:55 | 000,177,289 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\conspiracy.png
    [2010/04/08 02:20:06 | 269,152,425 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\HoNTestClient-0.2.0.exe
    [2010/03/31 00:19:33 | 000,016,292 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\DS_pic.jpg
    [2010/03/29 16:00:10 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\nvRegDev.dll
    [2010/03/27 15:00:31 | 000,146,631 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\yesyesyes.jpg
    [2010/03/26 14:43:36 | 000,001,696 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\Heroes of Newerth.lnk
    [2010/03/26 14:41:30 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\Shortcut to hon.lnk
    [2010/03/25 20:49:54 | 000,001,079 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\APB Beta-EU Game Launcher.lnk
    [2010/03/25 14:10:49 | 355,046,139 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\HoNClient-0.3.0.exe
    [2010/03/23 06:09:35 | 004,470,956 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\leaflet_pro.psd
    [2010/03/23 04:43:36 | 005,749,459 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\leaflet.psd
    [2010/03/21 20:57:36 | 000,188,704 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.xtr
    [2010/03/20 06:41:42 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Tyler\Application Data\PnkBstrK.sys
    [2010/03/20 06:41:42 | 000,139,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2010/03/20 06:41:23 | 000,188,704 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
    [2010/03/20 06:41:20 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
    [2010/03/20 06:41:19 | 002,359,592 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_apb.exe
    [2010/03/20 05:21:48 | 000,046,261 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\APBCompat.ini
    [2009/12/17 16:43:22 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2009/10/02 02:17:13 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2009/09/17 21:05:07 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/09/03 20:41:44 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
    [2009/07/18 13:35:46 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2007/02/03 08:59:04 | 000,050,127 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

    ========== LOP Check ==========

    [2009/10/13 03:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CCP
    [2009/08/14 19:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2009/12/02 18:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Games
    [2010/02/27 13:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Funcom
    [2010/06/04 16:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
    [2010/05/28 12:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    [2010/03/02 15:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2010/05/28 13:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/11/04 15:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Turbine
    [2010/02/14 04:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YoYoGames
    [2009/07/18 19:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2009/12/31 17:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{85C726A3-72A8-4199-9F59-131D37365211}
    [2010/06/11 23:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\BitTorrent
    [2009/08/14 19:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\DAEMON Tools Lite
    [2010/06/04 18:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Dragon Age Toolset
    [2010/06/09 23:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\EVEMon
    [2010/06/08 22:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\FileZilla
    [2009/07/19 23:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\GarageGames
    [2009/09/24 20:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\GetRightToGo
    [2009/11/08 00:53:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Octoshape
    [2010/02/11 23:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\OpenOffice.org
    [2010/05/15 12:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Opera
    [2010/06/04 16:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\PACE Anti-Piracy
    [2009/07/20 21:55:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\PirateGalaxy
    [2010/03/02 15:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Publish Providers
    [2010/05/28 12:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Simply Super Software
    [2010/03/02 15:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Sony
    [2010/01/17 01:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Sony Setup
    [2010/06/15 12:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Spotify
    [2010/04/30 17:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\TeamViewer
    [2010/05/27 19:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\TS3Client
    [2009/07/19 13:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Turbine
    [2010/04/05 15:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Ubisoft
    [2010/06/04 16:57:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Unity

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2009/07/18 13:46:12 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2009/07/18 13:46:12 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2009/07/18 13:46:12 | 000,921,600 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
    @Alternate Data Stream - 1229 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:JrbCQybKcFbiIfm9UlDnPvF
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 1064 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:Ep1UgAeivSTOEVO0Haz59R
    < End of report >
     
  17. 2010/06/15
    Edis

    Extras.txt

    OTL Extras logfile created on: 15/06/2010 12:37:56 - Run 1
    OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Tyler\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 225.90 Gb Total Space | 30.39 Gb Free Space | 13.45% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: TYLERMAINPC
    Current User Name: Tyler
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
    "5369:TCP" = 5369:TCP:*:Enabled:hbyxanp

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe" = C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe:*:Enabled:Battlefield 2 -- ()
    "C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
    "C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
    "C:\Program Files\Thomson\ST330\service\st330service.exe" = C:\Program Files\Thomson\ST330\service\st330service.exe:*:Enabled:ST330 service -- (THOMSON Telecom Belgium)
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
    "C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
    "C:\Program Files\Steam\steamapps\common\r.u.s.e. beta\Ruse.exe" = C:\Program Files\Steam\steamapps\common\r.u.s.e. beta\Ruse.exe:*:Enabled:R.U.S.E. Beta -- ()
    "C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
    "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
    "C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService -- (Turbine, Inc.)
    "C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService -- (Turbine, Inc.)
    "C:\Program Files\Dragon Age\tools\DragonAgeToolset.exe" = C:\Program Files\Dragon Age\tools\DragonAgeToolset.exe:*:Enabled:Dragon Age Toolset -- (BioWare)
    "C:\Program Files\Dragon Age\tools\RPU.exe" = C:\Program Files\Dragon Age\tools\RPU.exe:*:Enabled:Dragon Age Toolset RPU -- ()
    "C:\Program Files\Dragon Age\tools\lightmapper\eclipseRay.exe" = C:\Program Files\Dragon Age\tools\lightmapper\eclipseRay.exe:*:Enabled:Dragon Age Toolset Lightmapper -- ()
    "C:\Program Files\Dragon Age\tools\GffEditor.exe" = C:\Program Files\Dragon Age\tools\GffEditor.exe:*:Enabled:Dragon Age Toolset GFF editor -- (BioWare)
    "C:\Program Files\Dragon Age\tools\ErfEditor.exe" = C:\Program Files\Dragon Age\tools\ErfEditor.exe:*:Enabled:Dragon Age Toolset ERF editor -- (BioWare)
    "C:\Program Files\Steam\steamapps\common\global agenda live\Binaries\GlobalAgenda.exe" = C:\Program Files\Steam\steamapps\common\global agenda live\Binaries\GlobalAgenda.exe:*:Enabled:Global Agenda -- (HiRez Studios, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
    "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
    "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    "{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
    "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1A9DEF19-760C-4e01-958F-D9B8E6C61B90}" = c5100_Help
    "{1EB8607F-C1F8-476E-9D54-AFD8CDA09B6B}" = FINAL FANTASY XI: Treasures of Aht Urhgan
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F85CAAA-B786-4E5B-AADD-638856992EF3}" = Opera 10.53
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
    "{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
    "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
    "{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (BWDATOOLSET)
    "{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
    "{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
    "{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
    "{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{4112625F-2D38-49EF-924F-48511BC5CD34}" = Microsoft SQL Server 2008 Database Engine Services
    "{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
    "{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
    "{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
    "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
    "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
    "{45105F2B-0294-4354-A92A-5D1F575E24A5}" = FINAL FANTASY XI
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
    "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
    "{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
    "{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
    "{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
    "{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
    "{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU
    "{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
    "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
    "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
    "{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
    "{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
    "{6D3A42EA-DFD9-4E8A-A9DC-3DE9B162BEDD}" = Sony Vegas Movie Studio 8.0
    "{6DC2B13F-9352-465D-9019-10966C97B1C0}" = Battlefield 2 Standalone Demo Server
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
    "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8BECF123-B0EF-4E51-B7F3-923EFE15CC4A}" = Battlefield 2(TM) Demo
    "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{95834A16-084B-4409-B78C-750B15702CFA}" = Eve-MEEP
    "{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
    "{A4CC41E4-2AED-448D-9D1C-61EB028C2C6D}" = FINAL FANTASY XI: Rise of the Zilart
    "{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
    "{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money
    "{A82B049B-14E7-4E0E-946D-024AC4050EF8}" = PlayOnline Viewer & Tetra Master
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A9110D4F-86DC-46DC-A1E6-097692C2D2FF}" = FINAL FANTASY XI: Chains of Promathia
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
    "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
    "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
    "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
    "{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
    "{B3B9BC18-2A09-4728-9B46-12E85FF3F628}" = C5100
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
    "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
    "{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
    "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    "{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
    "{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = Microsoft SQL Server 2008 Database Engine Services
    "{BAA5B7F2-D27C-4BFA-98AD-6D32153BED86}" = Aion
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
    "{BC90276B-BE38-451C-8E4D-FF28FF08ABF6}" = Bloodline Champions Beta
    "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
    "{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
    "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
    "{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{C4C91E02-D4E2-481E-BCBA-7D90CC8D43E1}" = LiveZilla
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
    "{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
    "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
    "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
    "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
    "{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = SpeedTouch USB Software
    "{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
    "{D5395E5F-4D45-4665-8F00-234FA33678AF}" = SlimDX Redistributable (March 2009)
    "{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
    "{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
    "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
    "{E0F252A6-DE85-4E93-A93B-DFC3537B3965}" = WG111v2 Configuration Utility
    "{E104E5B6-0301-4540-9D9D-C57E564D8F61}" = Machinima Studio
    "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
    "{E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}" = Apple Application Support
    "{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{E7A2604C-0131-4415-9D0A-717E1BB1EDD2}" = Microsoft XNA Framework
    "{ECA2B21B-A180-4775-B93F-6E404E36A8CC}" = MSRuntime Libraries
    "{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
    "{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3}" = Microsoft IntelliPoint 7.0
    "{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
    "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
    "{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
    "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
    "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
    "{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
    "15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons and Dragons Online™ - Eberron Unlimited™ - Live
    "62289540-dc30-11dc-95ff-0800200c9a66_is1" = Turbine Download Manager - Live
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
    "Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
    "Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
    "Age of Conan_is1" = Age of Conan - Hyborian Adventures
    "avast!" = avast! Antivirus
    "Beta-EU" = APB Beta-EU
    "CCleaner" = CCleaner (remove only)
    "Cities XL" = Cities XL
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Diablo II" = Diablo II
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "Download Manager" = Download Manager 2.3.7
    "EVE" = EVE Online (remove only)
    "EVEMon" = EVEMon
    "FileZilla Client" = FileZilla Client 3.3.0.1
    "Fraps" = Fraps (remove only)
    "Guild Wars" = Guild Wars
    "HP Document Viewer" = HP Document Viewer 7.0
    "HP Imaging Device Functions" = HP Imaging Device Functions 7.0
    "HP Photo & Imaging" = HP Photosmart Premier Software 6.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
    "HPExtendedCapabilities" = HP Customer Participation Program 7.0
    "HPOCR" = OCR Software by I.R.I.S 7.0
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{1EB8607F-C1F8-476E-9D54-AFD8CDA09B6B}" = FINAL FANTASY XI: Treasures of Aht Urhgan
    "InstallShield_{45105F2B-0294-4354-A92A-5D1F575E24A5}" = FINAL FANTASY XI
    "InstallShield_{A4CC41E4-2AED-448D-9D1C-61EB028C2C6D}" = FINAL FANTASY XI: Rise of the Zilart
    "InstallShield_{A82B049B-14E7-4E0E-946D-024AC4050EF8}" = PlayOnline Viewer & Tetra Master
    "InstallShield_{A9110D4F-86DC-46DC-A1E6-097692C2D2FF}" = FINAL FANTASY XI: Chains of Promathia
    "LiveZilla" = LiveZilla
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008
    "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU
    "Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
    "Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "OpenAL" = OpenAL
    "PKR" = PKR
    "PunkBusterSvc" = PunkBuster Services
    "RivaTuner" = RivaTuner v2.24
    "SpeedTouch 330" = SpeedTouch 330
    "Spotify" = Spotify
    "StarCraft II Beta" = StarCraft II Beta
    "Steam App 17020" = Global Agenda Live
    "Steam App 33310" = R.U.S.E. Beta
    "Steam App 400" = Portal
    "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
    "TeamViewer 5" = TeamViewer 5
    "The Endless Forest_is1" = The Endless Forest
    "UDK-783482c7-5e76-4e22-8f56-dc86b4bb2d29" = Unreal Development Kit: 2010-02
    "Unity" = Unity
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Xfire" = Xfire (remove only)

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "BitTorrent" = BitTorrent
    "Octoshape Streaming Services" = Octoshape Streaming Services

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 13/06/2010 09:43:32 | Computer Name = TYLERMAINPC | Source = MSSQL$SQLEXPRESS | ID = 15151
    Description = Cannot find the object 'extended_procedures', because it does not
    exist or you do not have permission.

    Error - 13/06/2010 09:43:32 | Computer Name = TYLERMAINPC | Source = MSSQL$SQLEXPRESS | ID = 15151
    Description = Cannot find the object 'views', because it does not exist or you do
    not have permission.

    Error - 13/06/2010 09:43:32 | Computer Name = TYLERMAINPC | Source = MSSQL$SQLEXPRESS | ID = 15151
    Description = Cannot find the object 'tables', because it does not exist or you
    do not have permission.

    Error - 13/06/2010 09:43:32 | Computer Name = TYLERMAINPC | Source = MSSQL$SQLEXPRESS | ID = 15151
    Description = Cannot find the object 'objects', because it does not exist or you
    do not have permission.

    Error - 13/06/2010 09:43:32 | Computer Name = TYLERMAINPC | Source = MSSQL$SQLEXPRESS | ID = 15151
    Description = Cannot find the object 'all_sql_modules', because it does not exist
    or you do not have permission.

    Error - 13/06/2010 09:43:32 | Computer Name = TYLERMAINPC | Source = MSSQL$SQLEXPRESS | ID = 15151
    Description = Cannot find the object 'all_parameters', because it does not exist
    or you do not have permission.

    Error - 13/06/2010 09:43:32 | Computer Name = TYLERMAINPC | Source = MSSQL$SQLEXPRESS | ID = 15151
    Description = Cannot find the object 'all_columns', because it does not exist or
    you do not have permission.

    Error - 13/06/2010 09:43:32 | Computer Name = TYLERMAINPC | Source = MSSQL$SQLEXPRESS | ID = 15151
    Description = Cannot find the object 'all_views', because it does not exist or you
    do not have permission.

    Error - 13/06/2010 09:43:32 | Computer Name = TYLERMAINPC | Source = MSSQL$SQLEXPRESS | ID = 15151
    Description = Cannot find the object 'all_objects', because it does not exist or
    you do not have permission.

    Error - 15/06/2010 06:49:03 | Computer Name = TYLERMAINPC | Source = EventSystem | ID = 4614
    Description = The COM+ Event System detected an inconsistency in its internal state.
    The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
    Please contact Microsoft Product Support Services to report this erro

    [ System Events ]
    Error - 13/06/2010 08:53:13 | Computer Name = TYLERMAINPC | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service BITS with arguments
    " " in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

    Error - 13/06/2010 09:13:41 | Computer Name = TYLERMAINPC | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service BITS with arguments
    " " in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

    Error - 13/06/2010 09:29:12 | Computer Name = TYLERMAINPC | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service BITS with arguments
    " " in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

    Error - 13/06/2010 09:29:33 | Computer Name = TYLERMAINPC | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service BITS with arguments
    " " in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

    Error - 13/06/2010 09:29:45 | Computer Name = TYLERMAINPC | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service BITS with arguments
    " " in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

    Error - 13/06/2010 09:33:46 | Computer Name = TYLERMAINPC | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service BITS with arguments
    " " in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

    Error - 13/06/2010 09:34:04 | Computer Name = TYLERMAINPC | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service BITS with arguments
    " " in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

    Error - 13/06/2010 09:34:18 | Computer Name = TYLERMAINPC | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service BITS with arguments
    " " in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

    Error - 13/06/2010 09:43:00 | Computer Name = TYLERMAINPC | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service BITS with arguments
    " " in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

    Error - 13/06/2010 10:05:44 | Computer Name = TYLERMAINPC | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service BITS with arguments
    " " in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}


    < End of report >
     
  18. 2010/06/15
    broni

    broni Moderator Malware Analyst

    You're running low on free space:
    ===============================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp
    Uninstall all previous Java versions, through Add\Remove (Programs & Features in Vista/7).

    ===============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
      @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
      @Alternate Data Stream - 1229 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:JrbCQybKcFbiIfm9UlDnPvF
      @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
      @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
      @Alternate Data Stream - 1064 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:Ep1UgAeivSTOEVO0Haz59R
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
      "3389:TCP"=-
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
      "1900:UDP"=-
      "2869:TCP"=-
      "3389:TCP"=-
      "5369:TCP"=-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  19. 2010/06/16
    Edis

    Edis Inactive Thread Starter

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\Microsoft:JrbCQybKcFbiIfm9UlDnPvF deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\Microsoft:Ep1UgAeivSTOEVO0Haz59R deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\DomainProfile\GloballyOpenPorts\List not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\GloballyOpenPorts\List not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\GloballyOpenPorts\List not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\GloballyOpenPorts\List not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\GloballyOpenPorts\List not found.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 16384 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Tyler
    ->Temp folder emptied: 1984682 bytes
    ->Temporary Internet Files folder emptied: 4931430 bytes
    ->Java cache emptied: 99911080 bytes
    ->FireFox cache emptied: 46233886 bytes
    ->Apple Safari cache emptied: 11889735 bytes
    ->Flash cache emptied: 165549 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2362987 bytes
    %systemroot%\System32 .tmp files removed: 4370961 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 32768 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 164.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: Tyler
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.6.0 log created on 06162010_110246

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_c4c.dat not found!
    File\Folder C:\Documents and Settings\Tyler\Local Settings\Temp\Perflib_Perfdata_bd4.dat not found!
    C:\Documents and Settings\Tyler\Local Settings\Temporary Internet Files\Content.IE5\YY8YOQLU\MsgrConfig[1].asmx moved successfully.

    Registry entries deleted on Reboot...
     
  20. 2010/06/16
    Edis

    Edis Inactive Thread Starter

    OTL logfile created on: 16/06/2010 11:07:12 - Run 2
    OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Tyler\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 225.90 Gb Total Space | 30.28 Gb Free Space | 13.40% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: TYLERMAINPC
    Current User Name: Tyler
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/06/15 12:33:14 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tyler\Desktop\OTL.exe
    PRC - [2010/05/28 01:08:46 | 003,493,264 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\Xfire.exe
    PRC - [2010/04/02 10:11:40 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2009/12/28 12:57:04 | 002,656,808 | ---- | M] (LiveZilla GmbH) -- C:\Program Files\LiveZilla\LiveZilla.exe
    PRC - [2009/11/25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
    PRC - [2009/11/25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    PRC - [2009/09/03 20:28:37 | 000,581,632 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\ST330\service\st330service.exe
    PRC - [2009/03/30 03:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    PRC - [2008/11/25 05:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe
    PRC - [2008/07/10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/02/10 08:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/06/15 12:33:14 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tyler\Desktop\OTL.exe
    MOD - [2010/05/28 01:09:04 | 000,970,640 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\xfire_toucan_42784.dll
    MOD - [2009/01/16 18:34:08 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll
    MOD - [2008/04/14 01:12:10 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
    MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/05/24 16:30:20 | 000,271,856 | ---- | M] (Turbine, Inc.) [On_Demand | Stopped] -- C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe -- (LiveTurbineMessageService)
    SRV - [2010/05/24 16:30:20 | 000,218,608 | ---- | M] (Turbine, Inc.) [On_Demand | Stopped] -- C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe -- (LiveTurbineNetworkService)
    SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
    SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
    SRV - [2010/03/03 15:37:44 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/11/25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
    SRV - [2009/11/25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
    SRV - [2009/11/25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
    SRV - [2009/11/25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
    SRV - [2009/09/03 20:28:37 | 000,581,632 | ---- | M] (THOMSON Telecom Belgium) [Auto | Running] -- C:\Program Files\Thomson\ST330\service\st330service.exe -- (st330service)
    SRV - [2009/07/23 04:08:48 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
    SRV - [2009/06/29 21:21:52 | 003,110,016 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
    SRV - [2009/03/30 03:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
    SRV - [2009/03/30 03:23:32 | 000,254,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
    SRV - [2009/03/30 03:23:24 | 000,366,936 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS)
    SRV - [2008/11/25 05:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$BWDATOOLSET) SQL Server (BWDATOOLSET)
    SRV - [2008/11/25 05:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
    SRV - [2008/07/10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
    SRV - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/04/13 20:20:32 | 010,232,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2009/11/25 00:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2009/11/25 00:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2009/11/25 00:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2009/11/17 20:51:38 | 005,956,608 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2009/09/15 12:56:14 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2009/09/15 12:55:30 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
    DRV - [2009/09/15 12:55:19 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2009/09/03 20:28:37 | 000,040,320 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\steth.sys -- (STETH)
    DRV - [2009/09/03 20:28:37 | 000,030,464 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\st330.sys -- (ST330)
    DRV - [2009/09/03 20:28:37 | 000,012,672 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stbus.sys -- (STBUS)
    DRV - [2009/08/14 10:48:25 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2009/06/01 14:51:54 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
    DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103)
    DRV - [2009/02/25 18:55:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\RivaTuner v2.24\RivaTuner32.sys -- (RivaTuner32)
    DRV - [2008/11/12 16:58:38 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
    DRV - [2008/08/05 21:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
    DRV - [2008/08/01 10:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2008/08/01 10:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/02/03 10:32:36 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2007/02/03 10:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
    DRV - [2006/01/04 16:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
    DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
    DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Ask "
    FF - prefs.js..browser.search.order.1: "Ask "
    FF - prefs.js..browser.search.selectedEngine: "Ask "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "C:\\Documents and Settings\\Tyler\\My Documents\\homepage.html "
    FF - prefs.js..extensions.enabledItems: iaplayer@instantaction.com:0.4.1.1
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.5.6.0
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717
    FF - prefs.js..extensions.enabledItems: yyginstantplay@yoyogames.com:1.1.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q= "


    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/14 14:04:12 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/16 10:59:52 | 000,000,000 | ---D | M]

    [2009/07/18 13:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Mozilla\Extensions
    [2010/06/16 11:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\extensions
    [2010/01/24 15:21:06 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
    [2009/07/20 17:29:34 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2009/07/19 23:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\extensions\iaplayer@instantaction.com
    [2010/02/14 04:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\extensions\yyginstantplay@yoyogames.com
    [2009/08/15 16:18:53 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Tyler\Application Data\Mozilla\Firefox\Profiles\chcx984b.default\searchplugins\ask.xml
    [2010/06/16 11:00:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/06/16 10:59:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/06/16 10:59:41 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/06/16 11:03:05 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O4 - HKLM..\Run: [LiveZilla] C:\Program Files\LiveZilla\LiveZilla.exe (LiveZilla GmbH)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files\RivaTuner v2.24\RivaTuner.exe ()
    O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\dlm.exe (IGN Entertainment)
    O4 - HKLM..\RunOnce: [WIAWizardMenu] C:\WINDOWS\System32\sti_ci.DLL (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
    O4 - Startup: C:\Documents and Settings\Tyler\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
    O4 - Startup: C:\Documents and Settings\Tyler\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/07/18 12:59:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/06/16 11:03:05 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/06/16 11:02:46 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/06/16 11:00:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/06/16 10:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2010/06/15 14:46:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Desktop\ctrt-1.17.0-b2
    [2010/06/15 14:20:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Desktop\CT_RaidTracker_1.7.33
    [2010/06/15 14:01:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Local Settings\Application Data\Temporary Projects
    [2010/06/15 12:33:13 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tyler\Desktop\OTL.exe
    [2010/06/13 14:41:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RsFx
    [2010/06/13 14:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
    [2010/06/13 14:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
    [2010/06/13 14:37:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\My Documents\Visual Studio 2010
    [2010/06/13 14:36:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
    [2010/06/13 14:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
    [2010/06/12 00:38:06 | 000,000,000 | ---D | C] -- C:\Program Files\Stunlock Studios
    [2010/06/12 00:37:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA
    [2010/06/07 16:26:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/06/07 16:21:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/06/07 12:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Local Settings\Application Data\Rawr
    [2010/06/04 18:28:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Application Data\Dragon Age Toolset
    [2010/06/04 18:12:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
    [2010/06/04 18:10:57 | 000,000,000 | ---D | C] -- C:\Program Files\DAODB
    [2010/06/04 17:53:35 | 519,845,360 | ---- | C] (BioWare) -- C:\Documents and Settings\Tyler\Desktop\DragonAgeToolset1.01Setup.exe
    [2010/06/04 17:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\My Documents\Unity_TEST
    [2010/06/04 16:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PACE Anti-Piracy
    [2010/06/04 16:56:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Local Settings\Application Data\PACE Anti-Piracy
    [2010/06/04 16:56:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Application Data\PACE Anti-Piracy
    [2010/06/04 16:56:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
    [2010/06/04 16:55:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Unity Projects
    [2010/06/04 16:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\Unity
    [2010/06/04 16:49:46 | 170,919,512 | ---- | C] (Unity Technologies ApS) -- C:\Documents and Settings\Tyler\Desktop\UnitySetup-2.6.1.exe
    [2010/05/29 17:38:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\My Documents\stl
    [2010/05/29 15:26:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\My Documents\wp1
    [2010/05/28 15:58:49 | 000,558,592 | ---- | C] (Bome) -- C:\Documents and Settings\Tyler\Desktop\Core_1_0_0_2.dll
    [2010/05/28 15:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Local Settings\Application Data\EveMeep_Updater
    [2010/05/28 13:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Local Settings\Application Data\Threat Expert
    [2010/05/28 12:56:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Desktop\livebackup
    [2010/05/28 12:13:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\My Documents\Simply Super Software
    [2010/05/28 12:13:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Application Data\Simply Super Software
    [2010/05/28 12:13:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    [2010/05/27 19:08:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Application Data\teamspeak2
    [2010/05/27 19:08:14 | 000,000,000 | ---D | C] -- C:\Program Files\Teamspeak2_RC2
    [2010/05/27 19:03:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Application Data\TS3Client
    [2010/05/27 14:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2010/05/27 14:40:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Application Data\Google
    [2010/05/27 14:38:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Local Settings\Application Data\Temp
    [2010/05/27 14:38:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [2010/05/27 14:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2010/05/27 14:38:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Local Settings\Application Data\Google
    [2010/05/27 11:20:32 | 003,281,501 | ---- | C] (battleclinic.com) -- C:\Documents and Settings\Tyler\Desktop\EVEMon-install-1.3.1.2138.exe
    [2010/05/26 20:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\My Documents\Dungeons and Dragons Online
    [2010/05/26 16:12:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Local Settings\Application Data\EveMeep3
    [2010/05/26 16:12:22 | 000,000,000 | ---D | C] -- C:\Program Files\Eve-MEEP
    [2010/05/26 16:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Desktop\EVEMEEP_3_0_0_1
    [2010/05/26 12:07:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Tyler\PrivacIE
    [2010/05/25 13:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\PlayOnline
    [2010/05/25 13:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PlayOnline
    [2010/05/22 19:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\PKR
    [2010/05/20 16:39:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\.GalleryRemote
    [2010/05/15 18:27:41 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II Beta
    [2010/05/15 18:27:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\My Documents\StarCraft II Beta
    [2010/05/15 18:25:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Tyler\IETldCache
    [2010/05/15 18:02:27 | 037,517,128 | ---- | C] (Realtime Worlds, Inc.) -- C:\Documents and Settings\Tyler\Desktop\APB.exe
    [2010/05/15 16:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\SC2
    [2010/05/15 13:04:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Local Settings\Application Data\Yahoo
    [2010/05/15 13:03:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
    [2010/05/15 13:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Application Data\Yahoo!
    [2010/05/15 13:03:35 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
    [2010/05/15 13:03:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
    [2010/05/15 13:03:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2010/05/15 12:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
    [2010/05/15 12:49:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Local Settings\Application Data\Opera
    [2010/05/15 12:49:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Application Data\Opera
    [2010/05/15 12:49:49 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
    [2010/05/14 13:02:10 | 000,454,656 | ---- | C] (Simon Tatham) -- C:\Documents and Settings\Tyler\Desktop\putty.exe
    [2010/05/14 12:48:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\.sshterm
    [2010/05/14 12:48:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\.ssh
    [2010/05/09 17:25:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Application Data\NVIDIA
    [2010/04/21 11:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bethesda Softworks
    [2010/04/21 10:59:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Local Settings\Application Data\Oblivion
    [2010/04/21 10:59:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\My Documents\My Games
    [2010/04/20 23:00:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\My Documents\polihost.co.uk SSL
    [2010/04/18 14:07:56 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
    [2010/04/18 13:59:17 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo II
    [2010/04/17 15:38:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Desktop\diablo2
    [2010/04/17 15:37:59 | 002,756,664 | ---- | C] (Blizzard Entertainment) -- C:\Documents and Settings\Tyler\Desktop\Downloader_Diablo2_enGB.exe
    [2010/04/10 17:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\Heroes of Newerth
    [2010/04/10 17:17:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Desktop\honakcup
    [2010/04/07 22:05:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Application Data\mIRC
    [2010/04/05 15:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Application Data\Ubisoft
    [2010/04/02 16:46:59 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/04/02 16:46:47 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Tyler\Desktop\HJTInstall.exe
    [2010/03/31 08:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Application Data\Unity
    [2010/03/31 08:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Local Settings\Application Data\Unity
    [2010/03/31 08:08:48 | 003,249,480 | ---- | C] (Unity Technologies ApS) -- C:\Documents and Settings\Tyler\Desktop\UnityWebPlayer.exe
    [2010/03/29 16:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Desktop\resources0
    [2010/03/21 20:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tyler\Local Settings\Application Data\PunkBuster
    [2010/03/20 03:05:06 | 000,000,000 | ---D | C] -- C:\Program Files\Realtime Worlds
    [2010/03/20 02:45:59 | 075,968,560 | ---- | C] (Realtime Worlds) -- C:\Documents and Settings\Tyler\Desktop\APB_Beta-EU_Installer.exe

    ========== Files - Modified Within 90 Days ==========

    [2010/06/16 11:05:50 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/06/16 11:04:51 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
    [2010/06/16 11:04:13 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/06/16 11:04:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/06/16 11:04:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/06/16 11:03:16 | 009,175,040 | -H-- | M] () -- C:\Documents and Settings\Tyler\NTUSER.DAT
    [2010/06/16 11:03:05 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/06/15 22:48:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/06/15 18:59:31 | 000,063,498 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\index.php
    [2010/06/15 18:58:25 | 000,011,689 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\ctrt_plugin_class.php
    [2010/06/15 14:46:03 | 000,246,493 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\ctrt-1.17.0-b2.zip
    [2010/06/15 14:19:46 | 000,253,318 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\CT_RaidTracker_1.7.33.zip
    [2010/06/15 12:33:14 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tyler\Desktop\OTL.exe
    [2010/06/15 11:48:58 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Tyler\ntuser.ini
    [2010/06/14 13:33:37 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/06/13 14:42:38 | 000,757,684 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/13 14:42:38 | 000,613,978 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/06/13 14:42:38 | 000,129,586 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/06/13 14:32:20 | 000,000,165 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
    [2010/06/13 11:35:36 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\ymc557bh.exe
    [2010/06/12 13:12:52 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\dds.scr
    [2010/06/12 00:39:07 | 000,002,098 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bloodline Champions.lnk
    [2010/06/07 16:26:19 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/06/04 18:05:10 | 519,845,360 | ---- | M] (BioWare) -- C:\Documents and Settings\Tyler\Desktop\DragonAgeToolset1.01Setup.exe
    [2010/06/04 17:44:58 | 000,002,435 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\Eve-MEEPv3.lnk
    [2010/06/04 16:55:14 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Unity.lnk
    [2010/06/02 16:37:53 | 008,992,824 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\evepremiumpatch154366-156690_m.exe
    [2010/06/02 14:57:51 | 000,646,640 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\weird hair.psd
    [2010/06/01 15:15:14 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\CV_Tyler_Crammond.doc
    [2010/06/01 15:14:18 | 000,000,128 | -H-- | M] () -- C:\Documents and Settings\Tyler\My Documents\.~lock.CV_Tyler_Hunter_Crammond_RT.rtf#
    [2010/06/01 15:10:32 | 000,022,202 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\CV_Tyler_Hunter_Crammond.odt
    [2010/06/01 15:09:41 | 000,022,201 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\CV.odt
    [2010/05/30 20:16:30 | 000,340,618 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\3574724.htm
    [2010/05/28 15:58:49 | 000,558,592 | ---- | M] (Bome) -- C:\Documents and Settings\Tyler\Desktop\Core_1_0_0_2.dll
    [2010/05/28 01:09:00 | 000,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
    [2010/05/27 23:14:03 | 000,355,352 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\EVE_Master_Sheet.ods
    [2010/05/27 22:50:19 | 000,056,183 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\tansdecline.jpg
    [2010/05/27 19:08:15 | 000,000,665 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\Teamspeak 2 RC2.lnk
    [2010/05/27 17:11:32 | 000,001,090 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\Shortcut to TurbineLauncher.lnk
    [2010/05/27 14:49:31 | 002,121,216 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\EVE_Master_Sheet.xls
    [2010/05/27 14:40:01 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010/05/27 11:20:52 | 003,281,501 | ---- | M] (battleclinic.com) -- C:\Documents and Settings\Tyler\Desktop\EVEMon-install-1.3.1.2138.exe
    [2010/05/26 21:59:32 | 307,361,920 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\evepremiumpatch127381-154366_m.exe
    [2010/05/25 13:39:06 | 000,004,096 | ---- | M] () -- C:\WINDOWS\d3dx.dat
    [2010/05/25 13:32:33 | 000,001,789 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\FINAL FANTASY XI.lnk
    [2010/05/25 13:25:24 | 000,001,757 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\PlayOnline.lnk
    [2010/05/24 22:13:30 | 000,188,704 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
    [2010/05/24 21:49:41 | 000,139,040 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2010/05/24 18:10:12 | 006,833,632 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\xfire_installer_42654.exe
    [2010/05/22 19:30:06 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\Play PKR.lnk
    [2010/05/22 08:54:49 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/05/19 19:37:39 | 000,176,456 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\m_fb copy.bmp
    [2010/05/19 18:54:51 | 005,856,417 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\m_fb.psd
    [2010/05/19 10:40:20 | 000,034,806 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\Myrtle 19 May.gif
    [2010/05/18 23:44:00 | 000,741,217 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\pedomobile.png
    [2010/05/17 19:08:15 | 000,053,760 | ---- | M] () -- C:\Documents and Settings\Tyler\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/17 17:06:58 | 000,014,805 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\Tower Range.honmod
    [2010/05/17 11:12:36 | 000,008,629 | ---- | M] () -- C:\sitemap.xml
    [2010/05/15 18:31:04 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II Beta.lnk
    [2010/05/15 18:24:10 | 000,001,357 | ---- | M] () -- C:\Documents and Settings\Tyler\Application Data\MPQEditor.ini
    [2010/05/15 14:45:58 | 000,083,204 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\email-icons-thumb.psd
    [2010/05/15 13:03:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/05/15 12:53:21 | 000,025,808 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/05/15 12:49:52 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
    [2010/05/14 22:17:53 | 000,000,156 | ---- | M] () -- C:\WINDOWS\Twunk001.MTX
    [2010/05/14 22:17:53 | 000,000,003 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx
    [2010/05/14 16:04:32 | 000,001,027 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\ccross.png
    [2010/05/14 16:04:19 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\ctick.png
    [2010/05/14 13:24:47 | 000,006,818 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\cpbox1.html
    [2010/05/14 13:17:58 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Tyler\Local Settings\Application Data\PUTTY.RND
    [2010/05/14 13:02:10 | 000,454,656 | ---- | M] (Simon Tatham) -- C:\Documents and Settings\Tyler\Desktop\putty.exe
    [2010/05/12 15:02:26 | 037,517,128 | ---- | M] (Realtime Worlds, Inc.) -- C:\Documents and Settings\Tyler\Desktop\APB.exe
    [2010/05/08 19:26:42 | 000,311,230 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\epgp viewer.zip
    [2010/05/07 20:48:36 | 000,000,075 | ---- | M] () -- C:\Documents and Settings\Tyler\jagex_runescape_preferences2.dat
    [2010/05/07 20:43:30 | 000,000,041 | ---- | M] () -- C:\Documents and Settings\Tyler\jagex_runescape_preferences.dat
    [2010/05/02 01:08:56 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tyler\jagex__preferences3.dat
    [2010/05/01 21:49:22 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/04/30 17:39:57 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
    [2010/04/30 17:39:33 | 002,843,056 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\TeamViewer_Setup.exe
    [2010/04/30 16:27:34 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\icecrown-citadel-text10.png
    [2010/04/30 16:23:09 | 000,002,142 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\icecrown-citadel-text25.jpg
    [2010/04/30 14:52:59 | 001,083,066 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\korvui1.jpg
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/27 00:22:40 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
    [2010/04/26 00:34:29 | 001,166,999 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\8888.jpg
    [2010/04/24 12:06:50 | 000,046,261 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\APBCompat.ini
    [2010/04/23 22:23:29 | 000,460,928 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\radkidlol.bmp
    [2010/04/23 16:09:15 | 000,000,023 | ---- | M] () -- C:\WINDOWS\BlendSettings.ini
    [2010/04/21 11:06:47 | 000,001,805 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Oblivion.lnk
    [2010/04/21 00:20:08 | 000,001,566 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\EVE.lnk
    [2010/04/19 16:36:54 | 000,001,570 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\Diablo II - Lord of Destruction.lnk
    [2010/04/18 16:34:28 | 002,112,858 | -H-- | M] () -- C:\Documents and Settings\Tyler\Local Settings\Application Data\IconCache.db
    [2010/04/18 14:25:20 | 000,035,246 | ---- | M] () -- C:\WINDOWS\DIIUnin.dat
    [2010/04/18 14:23:38 | 000,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2010/04/18 14:23:38 | 000,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
    [2010/04/18 14:23:38 | 000,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
    [2010/04/18 14:07:57 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Diablo II.lnk
    [2010/04/18 14:07:56 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
    [2010/04/18 14:07:56 | 000,002,829 | ---- | M] () -- C:\WINDOWS\DIIUnin.pif
    [2010/04/18 03:26:27 | 000,001,616 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\Portal.lnk
    [2010/04/17 21:29:11 | 000,001,696 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\Heroes of Newerth.lnk
    [2010/04/17 15:38:01 | 002,756,664 | ---- | M] (Blizzard Entertainment) -- C:\Documents and Settings\Tyler\Desktop\Downloader_Diablo2_enGB.exe
    [2010/04/13 20:20:32 | 002,183,470 | ---- | M] () -- C:\WINDOWS\System32\nvdata.bin
    [2010/04/13 20:20:32 | 000,061,440 | ---- | M] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
    [2010/04/13 20:20:32 | 000,025,755 | ---- | M] () -- C:\WINDOWS\System32\nvdisp.nvu
    [2010/04/13 20:20:32 | 000,009,046 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
    [2010/04/13 14:37:40 | 000,066,714 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
    [2010/04/08 02:25:45 | 269,152,425 | ---- | M] () -- C:\Documents and Settings\Tyler\Desktop\HoNTestClient-0.2.0.exe
    [2010/04/02 16:46:48 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Tyler\Desktop\HJTInstall.exe
    [2010/03/31 21:05:47 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
    [2010/03/31 08:08:51 | 003,249,480 | ---- | M] (Unity Technologies ApS) -- C:\Documents and Settings\Tyler\Desktop\UnityWebPlayer.exe
    [2010/03/31 00:19:33 | 000,016,292 | ---- | M] () -- C:\Documents and Settings\Tyler\My Documents\DS_pic.jpg
    [2010/03/29 15:59:53 | 000,151,552 | ---- | M] () -- C:\WINDOWS\System32\nvRegDev.dll
    [2010/03/20 06:41:42 | 000,139,152 | ---- | M] () -- C:\Documents and Settings\Tyler\Application Data\PnkBstrK.sys
    [2010/03/20 06:41:20 | 002,359,592 | ---- | M] () -- C:\WINDOWS\System32\pbsvc_apb.exe

    ========== Files Created - No Company Name ==========

    [2010/06/15 18:51:42 | 000,011,689 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\ctrt_plugin_class.php
    [2010/06/15 14:46:03 | 000,246,493 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\ctrt-1.17.0-b2.zip
    [2010/06/15 14:19:45 | 000,253,318 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\CT_RaidTracker_1.7.33.zip
    [2010/06/13 17:40:04 | 000,285,680 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1715567821-884357618-839522115-1003-0.dat
    [2010/06/13 17:40:03 | 000,249,274 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2010/06/13 14:32:20 | 000,000,165 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
    [2010/06/13 11:35:36 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\ymc557bh.exe
    [2010/06/12 13:12:52 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\dds.scr
    [2010/06/12 00:39:07 | 000,002,098 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bloodline Champions.lnk
    [2010/06/07 16:26:19 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/06/07 16:26:16 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/06/04 16:55:14 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Unity.lnk
    [2010/06/02 18:30:57 | 000,132,386 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\nh3.jpg
    [2010/06/02 18:30:51 | 000,129,662 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\nh2.jpg
    [2010/06/02 18:30:45 | 000,117,614 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\nh1.jpg
    [2010/06/02 16:37:42 | 008,992,824 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\evepremiumpatch154366-156690_m.exe
    [2010/06/02 14:57:51 | 000,646,640 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\weird hair.psd
    [2010/06/01 15:15:13 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\CV_Tyler_Crammond.doc
    [2010/06/01 15:14:18 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\Tyler\My Documents\.~lock.CV_Tyler_Hunter_Crammond_RT.rtf#
    [2010/06/01 15:10:32 | 000,022,202 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\CV_Tyler_Hunter_Crammond.odt
    [2010/06/01 13:44:17 | 000,022,201 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\CV.odt
    [2010/05/30 20:16:29 | 000,340,618 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\3574724.htm
    [2010/05/28 12:13:02 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
    [2010/05/28 12:13:02 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
    [2010/05/28 12:13:02 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
    [2010/05/28 12:13:02 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
    [2010/05/28 01:09:00 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
    [2010/05/27 22:50:18 | 000,056,183 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\tansdecline.jpg
    [2010/05/27 19:08:15 | 000,000,665 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\Teamspeak 2 RC2.lnk
    [2010/05/27 17:11:32 | 000,001,090 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\Shortcut to TurbineLauncher.lnk
    [2010/05/27 16:55:41 | 000,355,352 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\EVE_Master_Sheet.ods
    [2010/05/27 14:40:01 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010/05/27 14:38:44 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/05/27 14:38:44 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/05/27 13:49:53 | 002,121,216 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\EVE_Master_Sheet.xls
    [2010/05/26 21:52:41 | 307,361,920 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\evepremiumpatch127381-154366_m.exe
    [2010/05/26 16:12:24 | 000,002,435 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\Eve-MEEPv3.lnk
    [2010/05/25 13:39:06 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
    [2010/05/17 10:29:31 | 000,045,053 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\icecrown-citadel-text25.psd
    [2010/05/15 18:27:41 | 000,000,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II Beta.lnk
    [2010/05/15 14:10:18 | 000,083,204 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\email-icons-thumb.psd
    [2010/05/15 12:53:21 | 000,025,808 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/05/15 12:49:52 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
    [2010/05/14 13:04:21 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Tyler\Local Settings\Application Data\PUTTY.RND
    [2010/05/02 01:08:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tyler\jagex__preferences3.dat
    [2010/04/30 17:39:57 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
    [2010/04/21 11:15:37 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
    [2010/04/21 11:06:47 | 000,001,805 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Oblivion.lnk
    [2010/04/20 23:07:10 | 000,001,264 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\rapidsslcert.crt
    [2010/04/20 23:05:44 | 000,001,143 | ---- | C] () -- C:\Documents and Settings\Tyler\My Documents\TrustedRoot.crt
    [2010/04/20 02:04:28 | 529,562,968 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\evepremiumpatch101786-127381_m.exe
    [2010/04/19 17:36:50 | 000,311,230 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\epgp viewer.zip
    [2010/04/18 14:14:58 | 000,001,570 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\Diablo II - Lord of Destruction.lnk
    [2010/04/18 14:08:30 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2010/04/18 14:08:30 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
    [2010/04/18 14:08:30 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
    [2010/04/18 14:07:57 | 000,035,246 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
    [2010/04/18 14:07:57 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Diablo II.lnk
    [2010/04/18 14:07:56 | 000,002,829 | ---- | C] () -- C:\WINDOWS\DIIUnin.pif
    [2010/04/18 03:26:27 | 000,001,616 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\Portal.lnk
    [2010/04/13 14:37:40 | 000,276,202 | ---- | C] () -- C:\WINDOWS\System32\NvApps.xml
    [2010/04/13 14:37:40 | 000,066,714 | ---- | C] () -- C:\WINDOWS\System32\NvwsApps.xml
    [2010/03/29 16:00:10 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\nvRegDev.dll
    [2010/03/26 14:43:36 | 000,001,696 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\Heroes of Newerth.lnk
    [2010/03/26 14:41:30 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\Shortcut to hon.lnk
    [2010/03/25 20:49:54 | 000,001,079 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\APB Beta-EU Game Launcher.lnk
    [2010/03/21 20:57:36 | 000,188,704 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.xtr
    [2010/03/20 06:41:42 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Tyler\Application Data\PnkBstrK.sys
    [2010/03/20 06:41:42 | 000,139,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2010/03/20 06:41:23 | 000,188,704 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
    [2010/03/20 06:41:20 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
    [2010/03/20 06:41:19 | 002,359,592 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_apb.exe
    [2010/03/20 05:21:48 | 000,046,261 | ---- | C] () -- C:\Documents and Settings\Tyler\Desktop\APBCompat.ini
    [2009/12/17 16:43:22 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2009/10/02 02:17:13 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2009/09/17 21:05:07 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/09/03 20:41:44 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
    [2009/07/18 13:35:46 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2007/02/03 08:59:04 | 000,050,127 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

    ========== LOP Check ==========

    [2009/10/13 03:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CCP
    [2009/08/14 19:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2009/12/02 18:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Games
    [2010/02/27 13:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Funcom
    [2010/06/04 16:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
    [2010/05/28 12:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    [2010/03/02 15:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2010/05/28 13:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/11/04 15:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Turbine
    [2010/02/14 04:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YoYoGames
    [2009/07/18 19:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2009/12/31 17:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{85C726A3-72A8-4199-9F59-131D37365211}
    [2010/06/11 23:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\BitTorrent
    [2009/08/14 19:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\DAEMON Tools Lite
    [2010/06/04 18:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Dragon Age Toolset
    [2010/06/09 23:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\EVEMon
    [2010/06/15 19:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\FileZilla
    [2009/07/19 23:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\GarageGames
    [2009/09/24 20:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\GetRightToGo
    [2009/11/08 00:53:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Octoshape
    [2010/02/11 23:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\OpenOffice.org
    [2010/05/15 12:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Opera
    [2010/06/04 16:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\PACE Anti-Piracy
    [2009/07/20 21:55:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\PirateGalaxy
    [2010/03/02 15:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Publish Providers
    [2010/05/28 12:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Simply Super Software
    [2010/03/02 15:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Sony
    [2010/01/17 01:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Sony Setup
    [2010/06/15 13:38:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Spotify
    [2010/04/30 17:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\TeamViewer
    [2010/05/27 19:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\TS3Client
    [2009/07/19 13:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Turbine
    [2010/04/05 15:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Ubisoft
    [2010/06/04 16:57:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tyler\Application Data\Unity

    ========== Purity Check ==========


    < End of report >
     
  21. 2010/06/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Download Temp File Cleaner (TFC).
    Double-click on TFC.exe to run the program.
    Click on the Start button to begin the cleaning process.
    TFC will close all running programs, and it may ask you to restart the computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on the Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
